418 matches found
GHSA-85QF-6845-M8P2 Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references. Original Description Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspecti...
Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8v4w-f4r9-7h6x. This link is maintained to preserve external references. Original Description Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the...
Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references. Original Description Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspecti...
CVE-2024-8038
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks...
CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...
CVE-2024-8038
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks...
CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...
CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...
CVE-2024-8037
CVE-2024-8037 describes a vulnerability in the juju hook tool where an abstract UNIX domain socket can be misused when JUJU_CONTEXT_ID is present. A local user who can access the default network namespace could connect to the socket at /var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform ...
PT-2024-38764 · Canonical +1 · Juju +1
Name of the Vulnerable Software and Affected Versions: juju versions prior to 2.9.51 juju versions prior to 3.1.10 juju versions prior to 3.3.7 juju versions prior to 3.4.6 juju versions prior to 3.5.4 Description: The issue concerns an abstract UNIX domain socket used for juju introspection, whi...
PT-2024-38763 · Canonical +1 · Juju +1
Name of the Vulnerable Software and Affected Versions: juju versions prior to 2.9.51 juju versions prior to 3.1.10 juju versions prior to 3.3.7 juju versions prior to 3.4.6 juju versions prior to 3.5.4 Description: The juju hook tool's abstract UNIX domain socket is vulnerable. When combined with...
Juju 安全漏洞
Juju is an open source application orchestration engine from Canonical Juju Open Source. A security vulnerability exists in Juju that stems from an abstract UNIX domain socket responsible for introspection being used without locally authenticating the network namespace user, which could lead to a...
GO-2022-0457 Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium
Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium...
BIT-HUBBLE-UI-2022-29178
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...
BIT-HUBBLE-UI-BACKEND-2022-29178
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...
BIT-CILIUM-PROXY-2022-29178
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...
BIT-HUBBLE-2022-29178
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...
BIT-HUBBLE-RELAY-2022-29178 Incorrect Default Permissions in Cilium
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...
BIT-CILIUM-2022-29178 Incorrect Default Permissions in Cilium
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...
BIT-CILIUM-OPERATOR-2022-29178 Incorrect Default Permissions in Cilium
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...