{"id":"CVE-2017-18641","details":"In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.","modified":"2026-03-14T09:24:56.529579Z","published":"2020-02-10T01:15:10.483Z","references":[{"type":"FIX","url":"https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lxc/lxc","events":[{"introduced":"0"},{"last_affected":"823765e50bf4df2f2365bd2590768676634919b7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.0-NA"}]}}],"versions":["lxc-0.6.5","lxc-0.7.0","lxc-0.7.1","lxc-0.7.2","lxc-0.7.3","lxc-0.7.4","lxc-0.7.4-rc1","lxc-0.7.5","lxc-0.8.0","lxc-0.8.0-rc2","lxc-0.9.0","lxc-0.9.0.alpha1","lxc-0.9.0.alpha2","lxc-0.9.0.alpha3","lxc-0.9.0.rc1","lxc-1.0.0","lxc-1.0.0.alpha1","lxc-1.0.0.alpha2","lxc-1.0.0.alpha3","lxc-1.0.0.beta1","lxc-1.0.0.beta2","lxc-1.0.0.beta3","lxc-1.0.0.beta4","lxc-1.0.0.rc1","lxc-1.0.0.rc2","lxc-1.0.0.rc3","lxc-1.0.0.rc4","lxc-1.1.0","lxc-1.1.0.alpha1","lxc-1.1.0.alpha2","lxc-1.1.0.alpha3","lxc-1.1.0.rc1","lxc-1.1.0.rc2","lxc-1.1.0.rc3","lxc-1.1.0.rc4","lxc-2.0.0","lxc-2.0.0.beta1","lxc-2.0.0.beta2","lxc-2.0.0.rc1","lxc-2.0.0.rc10","lxc-2.0.0.rc11","lxc-2.0.0.rc12","lxc-2.0.0.rc13","lxc-2.0.0.rc14","lxc-2.0.0.rc15","lxc-2.0.0.rc2","lxc-2.0.0.rc3","lxc-2.0.0.rc4","lxc-2.0.0.rc5","lxc-2.0.0.rc6","lxc-2.0.0.rc7","lxc-2.0.0.rc8","lxc-2.0.0.rc9","lxc_0_1_0","lxc_0_2_0","lxc_0_2_1","lxc_0_4_0","lxc_0_5_0","lxc_0_5_1","lxc_0_5_2","lxc_0_6_0","lxc_0_6_1","lxc_0_6_2","lxc_0_6_3","lxc_0_6_4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18641.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}