GHSA-crmg-9m86-636r: lxd's non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints
medium vulnerability
security
Summary
LXD (a container management system) has a bug in its certificate listing endpoint: non-recursive requests (the plain listing) return the fingerprints (unique identifiers) of all certificates without checking whether the requesting user is permitted to view each one, while recursive requests correctly filter by permission. As a result, any authenticated user, including one whose access is restricted, can enumerate every trusted identity in the system.
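As an added illustration of the defect class the summary describes (example code, not LXD's own): a listing handler whose recursive branch applies a per-object authorization check while the plain branch does not, beside the corrected form that checks before building either representation. The Certificate type, the project-based canView rule, the sample data and the URL shape are assumptions for this example.

```go
package main

import "fmt"

// Certificate is a constructed stand-in; Project is what restricts who may view it.
type Certificate struct{ Fingerprint, Project string }

// canView is a hypothetical per-object authorization check.
func canView(callerProjects map[string]bool, c Certificate) bool {
	return callerProjects[c.Project]
}

// render builds the plain listing item (a URL) or the recursive one (the entry).
func render(c Certificate, recursive bool) string {
	if recursive {
		return fmt.Sprintf("%+v", c)
	}
	return "/1.0/certificates/" + c.Fingerprint
}

// listVulnerable reproduces the advisory's defect: only the recursive branch checks canView.
func listVulnerable(certs []Certificate, caller map[string]bool, recursive bool) []string {
	var out []string
	for _, c := range certs {
		if recursive && !canView(caller, c) { // BUG: the plain listing never checks
			continue
		}
		out = append(out, render(c, recursive))
	}
	return out
}

// listFixed applies the same check regardless of the requested representation.
func listFixed(certs []Certificate, caller map[string]bool, recursive bool) []string {
	var out []string
	for _, c := range certs {
		if !canView(caller, c) {
			continue
		}
		out = append(out, render(c, recursive))
	}
	return out
}

func main() {
	certs := []Certificate{{"aaaa1111", "dev"}, {"bbbb2222", "prod"}, {"cccc3333", "admin"}} // constructed
	caller := map[string]bool{"dev": true} // an identity restricted to one project
	fmt.Println("vulnerable:", listVulnerable(certs, caller, false))
	fmt.Println("fixed:     ", listFixed(certs, caller, false))
}
```

The same mismatch is a useful audit pattern: whenever a resource has more than one listing representation, every branch should share one authorization filter rather than each re-implementing it.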
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Sophistication: Trivial
Affected Packages
github.com/canonical/lxd@< 0.0.0-20260224152359-d936c90d47cf (fixed: 0.0.0-20260224152359-d936c90d47cf)
Original source: https://github.com/advisories/GHSA-crmg-9m86-636r
First tracked: March 4, 2026 at 07:00 PM
Classified by LLM (prompt v3) · confidence: 95%