
10 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-20670

Malicious code in bioql PyPI...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00512
Exploits: 1, References: 9
SUSE CVE
added 2025/08/06 2:53 a.m., 1 views

SUSE CVE-2025-53513

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...

CVSS: 6.5, AI score: 7.2, EPSS: 0.00512
Exploits: 1, References: 2
Veracode
added 2025/07/21 7:44 a.m., 3 views

Directory Traversal

github.com/juju/juju is vulnerable to Directory Traversal. The vulnerability is due to insufficient authorization checks caused by the /charms endpoint allowing any authenticated user to upload charms without proper validation, enabling attackers to exploit a Zip Slip vulnerability and gain acces...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00512
Exploits: 1, References: 8, Affected Software: 1
RedhatCVE
added 2025/07/10 5:18 p.m., 3 views

CVE-2025-53513

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...

CVSS: 8.8, AI score: 7.4, EPSS: 0.00512
Exploits: 1, References: 1
OSV
added 2025/07/09 3:29 p.m., 4 views

GHSA-24CH-W38V-XMH8 Juju zip slip vulnerability via authenticated endpoint

Impact: Any user with a Juju account on a controller can upload a charm to the /charms endpoint. No specific permissions are required - it's just sufficient for the user to exist in the controller user database. A charm which exploits the zip slip vulnerability may be used to allow such a user to...

CVSS: 8.8, AI score: 6.4, EPSS: 0.00512
Exploits: 1, References: 10
CVE
added 2025/07/08 4:57 p.m., 19 views

CVE-2025-53513

Juju’s CVE-2025-53513 affects the /charms API endpoint, where authenticated users on the controller can upload charms. The vulnerability stems from insufficient authorization checks, enabling a user account to upload a charm and, via a crafted ZIP file with Zip Slip traversal, overwrite server fi...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00512
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2025/07/08 4:57 p.m., 2 views

CVE-2025-53513 Zip slip vulnerability in Juju

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00512
Exploits: 1, References: 1
Cvelist
added 2025/07/08 4:57 p.m., 6 views

CVE-2025-53513 Zip slip vulnerability in Juju

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...

CVSS: 8.8, EPSS: 0.00512
Exploits: 1, References: 1
Positive Technologies
added 2025/07/08 12:0 a.m., 3 views

PT-2025-28634

Name of the Vulnerable Software and Affected Versions: Juju (affected versions not specified). Description: The issue concerns a lack of sufficient authorization checks in the "/charms" endpoint on a Juju controller, allowing any user with an account to upload a charm. This could be exploited by...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00512
Exploits: 1, References: 15
CNNVD
added 2025/07/08 12:0 a.m., 1 views

Juju path traversal vulnerability

Juju is an open source application orchestration engine from Canonical Juju Open Source. A security vulnerability exists in Juju that stems from insufficient authorization checking on the /charms endpoint, which could lead to an arbitrary user uploading a specially crafted charm to gain access to...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00512
Exploits: 1, References: 3