
418 matches found

OSV
added 2024/10/02 12:30 p.m., 2 views

GHSA-85QF-6845-M8P2 Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references. Original Description: Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspecti...

7.9 CVSS, 8.1 AI score, 0.0021 EPSS
Exploits: 0, References: 3

Github Security Blog
added 2024/10/02 12:30 p.m., 10 views

Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-8v4w-f4r9-7h6x. This link is maintained to preserve external references. Original Description: Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the...

6.5 CVSS, 6.9 AI score, 0.00185 EPSS
Exploits: 0, References: 4, Affected Software: 1

Github Security Blog
added 2024/10/02 12:30 p.m., 11 views

Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references. Original Description: Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspecti...

7.9 CVSS, 7.2 AI score, 0.0021 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2024/10/02 11:15 a.m., 11 views

CVE-2024-8038

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks...

7.9 CVSS, 0.0021 EPSS
Exploits: 0, References: 2

OSV
added 2024/10/02 11:15 a.m., 6 views

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...

6.5 CVSS, 6.9 AI score, 0.00185 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2024/10/02 10:12 a.m., 7 views

CVE-2024-8038

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks...

7.9 CVSS, 7.1 AI score, 0.0021 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2024/10/02 10:12 a.m., 10 views

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...

6.5 CVSS, 6.8 AI score, 0.00185 EPSS
Exploits: 0, References: 2

Cvelist
added 2024/10/02 10:12 a.m., 34 views

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...

6.5 CVSS, 0.00185 EPSS
Exploits: 0, References: 2

CVE
added 2024/10/02 10:12 a.m., 85 views

CVE-2024-8037

CVE-2024-8037 describes a vulnerability in the juju hook tool where an abstract UNIX domain socket can be misused when JUJU_CONTEXT_ID is present. A local user who can access the default network namespace could connect to the socket at /var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform ...

6.5 CVSS, 6.8 AI score, 0.00185 EPSS
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2024/10/02 12:0 a.m., 3 views

PT-2024-38764 · Canonical +1 · Juju +1

Name of the Vulnerable Software and Affected Versions: juju versions prior to 2.9.51; juju versions prior to 3.1.10; juju versions prior to 3.3.7; juju versions prior to 3.4.6; juju versions prior to 3.5.4. Description: The issue concerns an abstract UNIX domain socket used for juju introspection, whi...

9.9 CVSS, 6.4 AI score, 0.97781 EPSS
Exploits: 21, References: 142

Positive Technologies
added 2024/10/02 12:0 a.m., 5 views

PT-2024-38763 · Canonical +1 · Juju +1

Name of the Vulnerable Software and Affected Versions: juju versions prior to 2.9.51; juju versions prior to 3.1.10; juju versions prior to 3.3.7; juju versions prior to 3.4.6; juju versions prior to 3.5.4. Description: The juju hook tool's abstract UNIX domain socket is vulnerable. When combined with...

9.9 CVSS, 6.2 AI score, 0.97781 EPSS
Exploits: 21, References: 142

CNNVD
added 2024/10/02 12:0 a.m., 5 views

Juju Security Vulnerability

Juju is an open source application orchestration engine from Canonical Juju Open Source. A security vulnerability exists in Juju that stems from an abstract UNIX domain socket responsible for introspection being used without locally authenticating the network namespace user, which could lead to a...

7.9 CVSS, 7.9 AI score, 0.0021 EPSS
Exploits: 0, References: 4

OSV
added 2024/08/21 3:11 p.m., 6 views

GO-2022-0457 Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium

Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium...

8.8 CVSS, 8.5 AI score, 0.00285 EPSS
Exploits: 0, References: 5

OSV
added 2024/07/01 11:19 a.m., 10 views

BIT-HUBBLE-UI-2022-29178

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS, 8.3 AI score, 0.00285 EPSS
Exploits: 0, References: 4

OSV
added 2024/07/01 11:19 a.m., 53 views

BIT-HUBBLE-UI-BACKEND-2022-29178

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS, 8.3 AI score, 0.00285 EPSS
Exploits: 0, References: 4

OSV
added 2024/07/01 11:14 a.m., 14 views

BIT-CILIUM-PROXY-2022-29178

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS, 8.3 AI score, 0.00285 EPSS
Exploits: 0, References: 4

OSV
added 2024/06/04 9:46 a.m., 15 views

BIT-HUBBLE-2022-29178

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS, 8.3 AI score, 0.00285 EPSS
Exploits: 0, References: 4

OSV
added 2024/05/24 7:24 p.m., 17 views

BIT-HUBBLE-RELAY-2022-29178 Incorrect Default Permissions in Cilium

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS, 8.3 AI score, 0.00285 EPSS
Exploits: 0, References: 5

OSV
added 2024/05/15 12:9 p.m., 20 views

BIT-CILIUM-2022-29178 Incorrect Default Permissions in Cilium

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS, 8.3 AI score, 0.00285 EPSS
Exploits: 0, References: 5

OSV
added 2024/05/15 12:8 p.m., 20 views

BIT-CILIUM-OPERATOR-2022-29178 Incorrect Default Permissions in Cilium

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS, 8.3 AI score, 0.00285 EPSS
Exploits: 0, References: 5