12 matches found
Improper Authentication
Juju is vulnerable to Improper Authentication. The vulnerability is due to improper TLS client and server certificate validation in the internal Dqlite database cluster, which allows an unauthenticated attacker to join the cluster and gain full read and write access to the database...
CVE-2026-4370
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...
EUVD-2026-17847
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster...
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster
Impact Any Juju controller since 3.2.0. An attacker with only route-ability to the target juju controller Dqlite cluster endpoint may join the Dqlite cluster, read and modify all information, including escalating privileges, open firewall ports etc. This is due to not checking the client...
CVE-2026-4370
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...
CVE-2026-4370
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...
CVE-2026-4370 Improper TLS Client/Server authentication and certificate verification on Database Cluster
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...
CVE-2026-4370
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...
CVE-2026-4370
Summary. CVE-2026-4370 affects Juju (variants: 3.2.0–3.6.19 and 4.0–4.0.4). The issue is in the internal Dqlite database cluster where TLS client/server authentication is not properly performed; the Juju controller’s database endpoint does not validate client certificates when a new node joins th...
CVE-2026-4370 Improper TLS Client/Server authentication and certificate verification on Database Cluster
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...
Juju 安全漏洞
Juju is a canonical Juju open-source application orchestration engine. Versions 3.2.0 to 3.6.19, as well as 4.0 to 4.0.4, have security vulnerabilities. These vulnerabilities stem from the internal Dqlite database cluster failing to perform proper TLS client and server authentication. This allows...
PT-2026-29482
Name of the Vulnerable Software and Affected Versions Juju versions 3.2.0 through 3.6.19 and versions 4.0.0 through 4.0.4 Description A flaw exists in the Juju software where the internal Dqlite database cluster does not properly validate TLS client and server authentication. Specifically, the Ju...