6 matches found
CVE-2026-5774 Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map
Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token...
GO-2026-4924 Juju has a resource poisoning vulnerability in github.com/juju/juju
Juju has a resource poisoning vulnerability in github.com/juju/juju. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest ...
EUVD-2025-209209
Juju: Read All Controller Logs From Compromised Workload...
CVE-2025-68153
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju...
CVE-2025-68153 Juju: Resource poisoning
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju...
CVE-2025-68153 Juju: Resource poisoning
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju...