Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 02 Oct 2025 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses. | |
Title | Project existence disclosure in LXD images API | |
Weaknesses | CWE-209 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2025-10-02T10:43:55.396Z
Reserved: 2025-07-18T07:59:07.917Z
Link: CVE-2025-54291

No data.

Status : Received
Published: 2025-10-02T10:15:39.387
Modified: 2025-10-02T10:15:39.387
Link: CVE-2025-54291

No data.

No data.