149 matches found
CVE-2025-53513
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...
CVE-2025-53513
Juju’s CVE-2025-53513 affects the /charms API endpoint, where authenticated users on the controller can upload charms. The vulnerability stems from insufficient authorization checks, enabling a user account to upload a charm and, via a crafted ZIP file with Zip Slip traversal, overwrite server fi...
CVE-2025-53513 Zip slip vulnerability in Juju
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...
CVE-2025-53513 Zip slip vulnerability in Juju
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...
Juju 路径遍历漏洞
Juju is an open source application orchestration engine from Canonical Juju Open Source. A security vulnerability exists in Juju that stems from insufficient authorization checking on the /charms endpoint, which could lead to an arbitrary user uploading a specially crafted charm to gain access to...
PT-2025-28634
Name of the Vulnerable Software and Affected Versions: Juju affected versions not specified Description: The issue concerns a lack of sufficient authorization checks in the "/charms" endpoint on a Juju controller, allowing any user with an account to upload a charm. This could be exploited by...
CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...
CVE-2022-36830
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent...
CVE-2022-29180
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
CVE-2022-36829
PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent...
CVE-2022-36836
Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
CVE-2021-37588
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...
CVE-2009-0764
Multiple cross-site scripting XSS vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to 1 index.php and 2 kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2025-24375 MySQL K8s charm could leak credentials for root-level user `serverconfig`
Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users credentials. The method mysql-operator calls mysql-shell application rely on writing to a temporary...
CVE-2025-24375 MySQL K8s charm could leak credentials for root-level user `serverconfig`
Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users credentials. The method mysql-operator calls mysql-shell application rely on writing to a temporary...
CVE-2025-24375
The CVE-2025-24375 entry concerns the Charmed MySQL K8s operator (and machine operator) with credential leakage risk. Root cause: the operator calls the mysql-shell/DDL scripts by writing a temporary script file containing full URIs with user credentials, created with read permissions (0644); unp...
Soft Serve 路径遍历漏洞
Soft Serve is a self-hostable command-line Git server from Charm Open Source. A path traversal vulnerability exists in Soft Serve versions prior to 0.8.2, which stems from vulnerability to a path traversal attack that allows an existing non-administrative user to access and take over another user...
SUSE CVE-2024-7558
JUJUCONTEXTID is a predictable authentication secret. On a Juju machine non-Kubernetes or Juju charm container on Kubernetes, an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJUCONTEXTID value. This gives the unprivileged user access to t...
GHSA-8V4W-F4R9-7H6X Vulnerable juju hook tool abstract UNIX domain socket
Impact When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. Patches Patch:...