4 matches found
CVE-2026-5412
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2026-5412
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2026-5412
CVE-2026-5412 (Juju) : An authorization issue in the Juju Controller facade allows an authenticated, low-privileged user to call the CloudSpec API and extract cloud credentials used to bootstrap the controller. This affects Juju versions prior to 2.9.57 and 3.6.21. The issue is mitigated by upgra...
CVE-2026-5412 Juju CloudSpec API could leak senstive information
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...