10 matches found
CVE-2026-5412
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the CloudSpec method on the Controller facade. An attacker can obtain sensitive cloud credentials by making an authenticated API call with only basic login permissions, without requiring elevated privileges...
EUVD-2026-21364
Juju: CloudSpec method leaking cloud credentials...
GHSA-W5FQ-8965-C969 Juju: CloudSpec method leaking cloud credentials
Impact If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...
CVE-2026-5412
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2026-5412
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2026-5412 Juju CloudSpec API could leak senstive information
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2026-5412 Juju CloudSpec API could leak senstive information
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2026-5412
CVE-2026-5412 (Juju) : An authorization issue in the Juju Controller facade allows an authenticated, low-privileged user to call the CloudSpec API and extract cloud credentials used to bootstrap the controller. This affects Juju versions prior to 2.9.57 and 3.6.21. The issue is mitigated by upgra...
CloudSpec - An Open Source Tool For Validating Your Resources In Your Cloud Providers Using A Logical Language
CloudSpec is an open source tool for validating your resources in your cloud providers using a logical language that everybody can understand. With its reasonably simple syntax, you can validate the configuration of your cloud resources, avoiding mistakes that can lead to availability or...