CVE-2024-8038: Unprotected Alternate Channel in LTD Juju

Severity
NVD: 5.5 MEDIUM
CNA: 7.9
EPSS: 0.1% (top 77.17%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 2
Latest update: Oct 9

Description

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: canonical/juju 3.1.0 3.1.10 +5
CVEListV5: canonical_ltd/juju 3.5 3.5.4 +4
Go: github.com/juju_juju < 0.0.0-20240829052008-43f0fc59790d

Patches

Vulnerability Details (4)

OSV: Vulnerable juju introspection abstract UNIX domain socket in github.com/juju/juju (2024-10-09)
GHSA: Vulnerable juju introspection abstract UNIX domain socket (2024-10-03)
OSV: Vulnerable juju introspection abstract UNIX domain socket (2024-10-03)
CVEList: CVE-2024-8038: Vulnerable juju introspection abstract UNIX domain socket (2024-10-02)

Community (1)

Bugzilla: CVE-2024-35801 kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (2024-05-18)
CVE-2024-8038 — Unprotected Alternate Channel | cvebase