Vulnerability Report: GO-2024-3313

  • CVE-2024-6219, GHSA-jpmc-7p9c-4rxf
  • Affects: github.com/canonical/lxd
  • Published: Dec 09, 2024
  • Modified: Dec 11, 2024

Restricted TLS certificate privilege escalation when in PKI mode in github.com/canonical/lxd

For detailed information about this vulnerability, visit https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf.

Affected Packages

  • Path
    Go Versions
    Custom Versions*
    Symbols
  • github.com/canonical/lxd/lxd/auth
    before v0.0.0-20240403103450-0e7f2b5bf4d2
    before 5.21.1
    7 unexported affected symbols
    • fga.CheckPermission
    • fga.GetPermissionChecker
    • rbac.CheckPermission
    • rbac.GetPermissionChecker
    • tls.CheckPermission
    • tls.GetPermissionChecker
    • tls.certificateDetails

*Custom versions, which can't be mapped automatically to standard Go module versions, are ignored by govulncheck. (See this note on versions for more details.)

Aliases

References

Credits

  • @markylaing

Feedback

See anything missing or incorrect? Suggest an edit to this report.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.