{"id":"CVE-2024-6156","details":"Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.","aliases":["GHSA-4c49-9fpc-hc3v","GO-2024-3312"],"modified":"2026-04-10T05:19:16.715754Z","published":"2024-12-06T00:15:04.380Z","related":["openSUSE-SU-2024:14567-1"],"references":[{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-6156"},{"type":"EVIDENCE","url":"https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/canonical/lxd","events":[{"introduced":"03aab09f5b5cbdada00c6539877dcf5932fcde98"},{"fixed":"2eacddbb65acf10b2fcea4ee92374a90d2376dc4"},{"introduced":"1e1349e3cbf30c1b2ce74e531d4dd0fd52c45be1"},{"fixed":"2101d7f6efdaa7762e6593c857cb524bfcd2859b"},{"introduced":"be2e2d38c65555880689da833c93d1e9d55ae94d"},{"fixed":"7d4a9933f4618cfe6ec8d18e2e8f91816e5ddbba"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"fixed":"4.0.10"},{"introduced":"5.0.0"},{"fixed":"5.0.4"},{"introduced":"5.1"},{"fixed":"5.21.2"}]}}],"versions":["lxd-4.0.0","lxd-4.0.1","lxd-4.0.2","lxd-4.0.3","lxd-4.0.4","lxd-4.0.5","lxd-4.0.6","lxd-4.0.7","lxd-4.0.8","lxd-4.0.9","lxd-5.0.0","lxd-5.0.1","lxd-5.0.2","lxd-5.1","lxd-5.10","lxd-5.11","lxd-5.12","lxd-5.13","lxd-5.14","lxd-5.15","lxd-5.16","lxd-5.17","lxd-5.2","lxd-5.3","lxd-5.4","lxd-5.5","lxd-5.6","lxd-5.7","lxd-5.8","lxd-5.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6156.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}]}