Lucene search
+L

4 matches found

Github Security Blog
Github Security Blog
added 2026/04/10 9:0 p.m.10 views

Juju: In-Memory Token Store for Discharge Tokens Lacks Concurrency Safety and Persistence

Summary The localLoginHandlers struct in the Juju API server maintains an in-memory map to store discharge tokens following successful local authentication. This map is accessed concurrently from multiple HTTP handler goroutines without any synchronization primitive protecting it. The absence of ...

6.4CVSS5.8AI score0.00243EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/10 12:10 p.m.4 views

CVE-2026-5774 Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map

Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token...

6CVSS5.9AI score0.00243EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/04/10 12:10 p.m.34 views

CVE-2026-5774 Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map

Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token...

6CVSS0.00243EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/10 12:10 p.m.3 views

CVE-2026-5774 Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map

Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token...

6CVSS5.8AI score0.00243EPSS
Exploits1References3
Rows per page
Query Builder