Lucene search

GoogleOSV:GO-2024-3040

HistoryAug 06, 2024 - 10:03 p.m.

Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm in github.com/juju/juju

2024-08-0622:03:16

Google

osv.dev

juju

unprivileged user

leak

charm node

secret data

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

6.4

Confidence

Low

JSON

Juju’s unprivileged user running on charm node can leak any secret or relation data accessible to the local charm in github.com/juju/juju.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/juju/juju before v2.9.50, from v3.0.0 before v3.1.9, from v3.2.0 before v3.3.6, from v3.4.0 before v3.4.5, from v3.5.0 before v3.5.3.

References

github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2

github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx

nvd.nist.gov/vuln/detail/CVE-2024-6984

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

6.4

Confidence

Low

JSON

Related for OSV:GO-2024-3040