9.9

CVE-2026-5412

Exploit

EPSS 0.01%
Veröffentlicht 10.04.2026 12:22:05
Zuletzt bearbeitet 30.04.2026 15:18:26
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

Juju CloudSpec API could leak senstive information

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issue is resolved in Juju versions 2.9.57 and 3.6.21.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canonical ≫ Juju Version < 2.9.57

Canonical ≫ Juju Version >= 3.6 < 3.6.21

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.018

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@ubuntu.com	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/juju/juju/pull/22206

Patch

Issue Tracking

https://github.com/juju/juju/pull/22205

Patch

Issue Tracking

https://github.com/juju/juju/security/advisories/GHSA-w5fq-8965-c969

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-5412

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5412

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5412

EUVD