GCVE - cpe:2.3:a:canonical_ltd.:juju:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:canonical_ltd.:juju:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Canonical Ltd. (`21cecf50-6351-52a5-ba2e-69c633014465`)
Product	Juju (`56dd7b82-6c81-59a5-a05c-a31cbd589915`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-8038`	vulnerable	2026-06-03 14:58:08.005668	Details available HIGH (7.9) Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. Published: 2024-10-02T10:12:38.806Z Updated: 2024-10-02T13:53:24.639Z Open on db.gcve.eu Reference links https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq https://www.cve.org/CVERecord?id=CVE-2024-8038	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-8037`	vulnerable	2026-06-03 14:58:08.005180	Details available MEDIUM (6.5) Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. Published: 2024-10-02T10:12:32.318Z Updated: 2024-11-01T15:31:40.233Z Open on db.gcve.eu Reference links https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x https://www.cve.org/CVERecord?id=CVE-2024-8037	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-7558`	vulnerable	2026-06-03 14:58:06.359614	Details available HIGH (8.7) JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. Published: 2024-10-02T10:06:31.098Z Updated: 2024-10-02T13:59:04.171Z Open on db.gcve.eu Reference links https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4 https://www.cve.org/CVERecord?id=CVE-2024-7558	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6984`	vulnerable	2026-06-03 14:58:04.648554	Details available HIGH (8.8) An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. Published: 2024-07-29T14:04:05.925Z Updated: 2024-08-01T21:45:38.419Z Open on db.gcve.eu Reference links https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2 https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx https://www.cve.org/CVERecord?id=CVE-2024-6984	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0092`	vulnerable	2026-06-03 14:48:45.610197	Details available MEDIUM (4.9) An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. Published: 2025-01-31T01:41:46.439Z Updated: 2025-02-07T16:10:14.052Z Open on db.gcve.eu Reference links https://github.com/advisories/GHSA-x5rv-w9pm-8qp8 https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.