CVE-2024-6984

2024-07-2914:04:05

CWE-209

canonical

www.cve.org

juju

vulnerability

sensitive data

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

16.2%

JSON

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.

CNA Affected

[
  {
    "vendor": "Canonical Ltd.",
    "product": "Juju",
    "platforms": [
      "Linux",
      "MacOS",
      "Windows"
    ],
    "packageName": "juju",
    "repo": "https://github.com/juju/juju",
    "versions": [
      {
        "status": "affected",
        "version": "3.5",
        "lessThan": "3.5.3",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "3.4",
        "lessThan": "3.4.5",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "3.3",
        "lessThan": "3.3.5",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "3.1",
        "lessThan": "3.1.9",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.9",
        "lessThan": "2.9.50",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]