Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incus does not verify combined fingerprint when downloading images from simplestreams servers
Vulnerability Description
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Version 6.23.0 patches the issue.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Incus 信任管理问题漏洞
Vulnerability Description
Incus是LXC开源的一个系统容器和虚拟机管理器。 Incus 6.23.0之前版本存在信任管理问题漏洞,该漏洞源于从simplestreams镜像服务器下载时缺少镜像指纹验证,可能导致镜像缓存投毒。
CVSS Information
N/A
Vulnerability Type
N/A