Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is …

Incus system container and virtual machine manager contains a path traversal vulnerability in systemd credential handling. Prior to version 6.23.0, attackers can exploit the systemd.credential configuration syntax to write files outside the intended credentials directory. By using path traversal sequences like '../../../../../../root/.bashrc' in configuration keys, attackers can write arbitrary files as root. This enables privilege escalation and denial of service attacks within container environments. The vulnerability is fixed in Incus version 6.23.0.