What is CVE-2016-1582?

CVE-2016-1582 is a medium-severity vulnerability in Canonical Lxd, classified under Information Disclosure. CVSS score: 5.5/10. Published 2016-06-09.

How severe is CVE-2016-1582?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Information disclosure in Canonical Lxd

CVE-2016-1582

LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

Vulnerability class: Information Disclosure

EPSS: 0.000 (12.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Canonical Lxd — versions 2.0.1
Canonical Ubuntu_linux — versions 15.10, 16.04
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

security@ubuntu.com (x_refsource_CONFIRM, Vendor Advisory)
USN-2988-1 (x_refsource_UBUNTU, vendor-advisory)

Frequently asked questions

What is CVE-2016-1582?: CVE-2016-1582 is a medium-severity vulnerability in Canonical Lxd, classified under Information Disclosure. CVSS score: 5.5/10. Published 2016-06-09.
How severe is CVE-2016-1582?: Medium severity. CVSS v3 base score is 5.5 out of 10.