{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-5536","assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","state":"PUBLISHED","assignerShortName":"canonical","dateReserved":"2023-10-11T21:19:39.035Z","datePublished":"2023-12-12T01:51:08.849Z","dateUpdated":"2024-08-02T07:59:44.785Z"},"containers":{"cna":{"affected":[{"vendor":"Canonical","product":"Ubuntu Server","platforms":["Linux"],"packageName":"Linux","versions":[{"status":"unaffected","version":"0","lessThan":"24.04","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password."}],"workarounds":[{"lang":"en","value":"Remove users from lxd group and configure multi-user LXD mode.\nhttps://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4"}],"datePublic":"2023-12-11T00:00:00.000Z","references":[{"tags":["mitigation"],"url":"https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4"},{"tags":["issue-tracking"],"url":"https://ubuntu.com/security/CVE-2023-5536"},{"tags":["issue-tracking"],"url":"https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071"},{"tags":["issue-tracking"],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536"}],"credits":[{"lang":"en","type":"finder","value":"Tobias Jäger"}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N","baseScore":5,"baseSeverity":"MEDIUM"}}],"providerMetadata":{"orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical","dateUpdated":"2023-12-12T01:51:08.849Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:59:44.785Z"},"title":"CVE Program Container","references":[{"tags":["mitigation","x_transferred"],"url":"https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4"},{"tags":["issue-tracking","x_transferred"],"url":"https://ubuntu.com/security/CVE-2023-5536"},{"tags":["issue-tracking","x_transferred"],"url":"https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071"},{"tags":["issue-tracking","x_transferred"],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536"}]}]}}