CVE-2024-7558
published 2024-10-02

Priority: P3 (43)
CVSS 3.1: 8 (high)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% (39.1th percentile)

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

Affected

12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | juju | < 2.9.51 | 2.9.51 |
| canonical | juju | >= 3.1.0 < 3.1.10 | 3.1.10 |
| canonical | juju | >= 3.2.0 < 3.2.4 | 3.2.4 |
| canonical | juju | >= 3.3.0 < 3.3.7 | 3.3.7 |
| canonical | juju | >= 3.4 < 3.4.6 | 3.4.6 |
| canonical | juju | >= 3.5.0 < 3.5.4 | 3.5.4 |
| canonical_ltd | juju | >= 2.9 < 2.9.51 | 2.9.51 |
| canonical_ltd | juju | >= 3.1 < 3.1.10 | 3.1.10 |
| canonical_ltd | juju | >= 3.3 < 3.3.7 | 3.3.7 |
| canonical_ltd | juju | >= 3.4 < 3.4.6 | 3.4.6 |
| canonical_ltd | juju | >= 3.5 < 3.5.4 | 3.5.4 |
| github.com | juju_juju | >= 0 < 0.0.0-20240826044107-ecd7e2d0e986 | 0.0.0-20240826044107-ecd7e2d0e986 |