448 matches found
Vulnerable juju introspection abstract UNIX domain socket
Impact An abstract UNIX domain socket responsible for introspection is available without authentication locally to any user with access to the network namespace where the local juju agent is running. On a juju controller agent, denial of service can be performed by using the /leases/revoke...
GHSA-XWGJ-VPM9-Q2RQ Vulnerable juju introspection abstract UNIX domain socket
Impact An abstract UNIX domain socket responsible for introspection is available without authentication locally to any user with access to the network namespace where the local juju agent is running. On a juju controller agent, denial of service can be performed by using the /leases/revoke...
Vulnerable juju hook tool abstract UNIX domain socket
Impact When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. Patches Patch:...
GHSA-8V4W-F4R9-7H6X Vulnerable juju hook tool abstract UNIX domain socket
Impact When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. Patches Patch:...
JUJU_CONTEXT_ID is a predictable authentication secret
JUJUCONTEXTID is the authentication measure on the unit hook tool abstract domain socket. It looks like JUJUCONTEXTID=appname/0-update-status-6073989428498739633. This value looks fairly unpredictable, but due to the random source used, it is highly predictable. JUJUCONTEXTID has the following...
GHSA-MH98-763H-M9V4 JUJU_CONTEXT_ID is a predictable authentication secret
JUJUCONTEXTID is the authentication measure on the unit hook tool abstract domain socket. It looks like JUJUCONTEXTID=appname/0-update-status-6073989428498739633. This value looks fairly unpredictable, but due to the random source used, it is highly predictable. JUJUCONTEXTID has the following...
Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8v4w-f4r9-7h6x. This link is maintained to preserve external references. Original Description Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the...
Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references. Original Description Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspecti...
GHSA-85QF-6845-M8P2 Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references. Original Description Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspecti...
CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...
CVE-2024-7558
JUJUCONTEXTID is a predictable authentication secret. On a Juju machine non-Kubernetes or Juju charm container on Kubernetes, an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJUCONTEXTID value. This gives the unprivileged user access to t...
CVE-2024-8038
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks...
CVE-2024-7558
JUJUCONTEXTID is a predictable authentication secret. On a Juju machine non-Kubernetes or Juju charm container on Kubernetes, an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJUCONTEXTID value. This gives the unprivileged user access to t...
CVE-2024-8038
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks...
CVE-2024-8037
CVE-2024-8037 describes a vulnerability in the juju hook tool where an abstract UNIX domain socket can be misused when JUJU_CONTEXT_ID is present. A local user who can access the default network namespace could connect to the socket at /var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform ...
CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...
CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...
CVE-2024-7558
JUJUCONTEXTID is a predictable authentication secret. On a Juju machine non-Kubernetes or Juju charm container on Kubernetes, an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJUCONTEXTID value. This gives the unprivileged user access to t...
Juju 安全漏洞
Juju is an open source application orchestration engine from Canonical Juju Open Source. A security vulnerability exists in Juju that stems from the fact that an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJUCONTEXTID value to access th...
Juju 安全漏洞
Juju is an open source application orchestration engine from Canonical Juju Open Source. A security vulnerability exists in Juju that stems from an abstract UNIX domain socket responsible for introspection being used without locally authenticating the network namespace user, which could lead to a...