Vulnerability Database

313,495

Total vulnerabilities in the database

CVE-2015-1340

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.

Published: Apr 22, 2019
Updated: Nov 9, 2025
CVE: CVE-2015-1340
GHSA: GHSA-8mpq-fmr3-6jxv
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
github.com/lxc/lxd/shared	-	0.0.0-20151004155856-19c6961cc101
github.com/lxc/lxd	-	0.0.0-20151004155856-19c6961cc101

https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1502270
https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4
https://github.com/lxc/lxd/pull/1189
https://pkg.go.dev/vuln/GO-2021-0071

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo