Canonical Ltd Juju vulnerabilities
5 known vulnerabilities affecting canonical_ltd/juju.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3, LOW 1
Vulnerabilities
CVE-2023-0092 [MEDIUM] CVSS 4.9, CWE-22
Affected versions: ≥ 2.9.22, < 2.9.38; ≥ 3.0.0, < 3.0.3; +1 more
Date: 2025-01-31
An authenticated user who has read access to the Juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem.
Sources: cvelistv5, nvd

CVE-2024-7558 [HIGH] CVSS 8.0, CWE-337
Affected versions: ≥ 3.5, < 3.5.4; ≥ 3.4, < 3.4.6; +3 more
Date: 2024-10-02
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
Sources: cvelistv5, nvd

CVE-2024-8037 [MEDIUM] CVSS 6.5, CWE-276
Affected versions: ≥ 3.5, < 3.5.4; ≥ 3.4, < 3.4.6; +3 more
Date: 2024-10-02
Vulnerable Juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved for a Juju charm.
Sources: cvelistv5, nvd

CVE-2024-8038 [MEDIUM] CVSS 5.5, CWE-420
Affected versions: ≥ 3.5, < 3.5.4; ≥ 3.4, < 3.4.6; +3 more
Date: 2024-10-02
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
Sources: cvelistv5, nvd

CVE-2024-6984 [LOW] CVSS 3.8, CWE-209
Affected versions: ≥ 3.5, < 3.5.3; ≥ 3.4, < 3.4.5; +3 more
Date: 2024-07-29
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.
Sources: cvelistv5, nvd