Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9232

CWE-862Missing Authorization8 documents6 sources
Severity
9.8CRITICAL
EPSS
81.6%
top 0.82%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Github.com Juju/jujuCanonical Juju
Timeline
PublishedMay 28
Latest updateApr 24

Description

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

Gogithub.com/juju/juju< 0.0.0-20170524231039-0417178a3c28
Ubuntujuju-core< 1.25.6-0ubuntu1.14.04.2+1
Ubuntujuju-core-1< 1.25.6-0ubuntu1.16.04.2
NVDcanonical/juju1.25.12+7

🔴Vulnerability Details

5
OSV
Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju2025-04-24
GHSA
Juju uses a UNIX domain socket without setting appropriate permissions2022-05-13
OSV
Juju uses a UNIX domain socket without setting appropriate permissions2022-05-13
CVEList
CVE-2017-9232: Juju before 12017-05-28
OSV
CVE-2017-9232: Juju before 12017-05-26

💥Exploits & PoCs

1
Exploit-DB
Juju-run Agent - Privilege Escalation (Metasploit)2018-02-12

📋Vendor Advisories

1
Ubuntu
juju-core vulnerability2017-05-26
CVE-2017-9232 (CRITICAL CVSS 9.8) | Juju before 1.25.12 | cvebase.io