CVE-2024-8037
- EPSS 0.1%
- Veröffentlicht 02.10.2024 11:15:11
- Zuletzt bearbeitet 26.08.2025 17:48:44
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and...
CVE-2024-8038
- EPSS 0.08%
- Veröffentlicht 02.10.2024 11:15:11
- Zuletzt bearbeitet 26.08.2025 17:44:59
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
CVE-2024-6984
- EPSS 0.13%
- Veröffentlicht 29.07.2024 14:15:04
- Zuletzt bearbeitet 21.11.2024 09:50:41
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.
CVE-2015-1316
- EPSS 0.36%
- Veröffentlicht 22.04.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:25:09
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
- EPSS 81.61%
- Veröffentlicht 28.05.2017 00:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.