CVE-2023-5536 - OpenCVE

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux

Configuration 1 [-]

cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071	Issue Tracking Vendor Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536	Third Party Advisory
https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4	Vendor Advisory
https://ubuntu.com/security/CVE-2023-5536	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2023-12-12T01:51:08.849Z

Updated: 2023-12-12T01:51:08.849Z

Reserved: 2023-10-11T21:19:39.035Z

Link: CVE-2023-5536

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-12T02:15:09.003

Modified: 2023-12-18T20:01:53.153

Link: CVE-2023-5536

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9B542C8-8ABA-4985-A157-8E24F43CE6DB", "versionEndExcluding": "24.04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password."}, {"lang": "es", "value": "Una caracter\u00edstica en LXD (LP#1829071) afecta la configuraci\u00f3n predeterminada de Ubuntu Server que permite a los usuarios privilegiados del grupo lxd escalar su privilegio a root sin requerir una contrase\u00f1a sudo."}], "id": "CVE-2023-5536", "lastModified": "2023-12-18T20:01:53.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 4.0, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2023-12-12T02:15:09.003", "references": [{"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "https://ubuntu.com/security/CVE-2023-5536"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}