Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
CVSS
No CVSS.
References
Configurations
No configuration.
History
02 Oct 2025, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-02 10:15
Updated : 2025-10-02 19:11
NVD link : CVE-2025-54290
Mitre link : CVE-2025-54290
CVE.ORG link : CVE-2025-54290
JSON object : View
Products Affected
No product.
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor