CVE-2023-0092
Published 2025-01-31
Priority: P4, 28, medium
CVSS 3.1: 4.9
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.62% (45.0th percentile)
An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | juju | >= 2.9.22 < 2.9.38 | 2.9.38 |
| canonical | juju | >= 3.0.0 < 3.0.3 | 3.0.3 |
| canonical_ltd | juju | >= 2.9.22 < 2.9.38 | 2.9.38 |
| canonical_ltd | juju | >= 2.9.38 < 3.0.3 | 3.0.3 |
| canonical_ltd | juju | >= 3.0.0 < 3.0.3 | 3.0.3 |
| github.com | juju_juju | >= 2.9.22 < 2.9.38 | 2.9.38 |
| github.com | juju_juju | >= 3.0.0 < 3.0.3 | 3.0.3 |
OSV
Juju controller - Arbitrary file reading vulnerability
osv·2023-03-01
CVE-2023-0092 [MEDIUM] Juju controller - Arbitrary file reading vulnerability
### Impact
An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem.
### Patches
Patched in juju 2.9.38 and juju 3.0.3
[juju/juju#ef803e2](https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556)
### Workarounds
Limit read access to the controller model to only trusted users.
GHSA
Juju controller - Arbitrary file reading vulnerability
ghsa·2023-03-01
CVE-2023-0092 [MEDIUM] CWE-22 Juju controller - Arbitrary file reading vulnerability
### Impact
An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem.
### Patches
Patched in juju 2.9.38 and juju 3.0.3
[juju/juju#ef803e2](https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556)
### Workarounds
Limit read access to the controller model to only trusted users.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.