Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs
Vulnerability Description
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
Incus 安全漏洞
Vulnerability Description
Incus是LXC开源的一个系统容器和虚拟机管理器。 Incus 6.12版本和6.13版本存在安全漏洞,该漏洞源于nftables规则部分绕过安全选项,可能导致ARP欺骗。
CVSS Information
N/A
Vulnerability Type
N/A