8 matches found
CVE-2026-32693
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...
GHSA-439W-V2P7-PGGC Juju has unauthorized access to out-of-scope Kubernetes secrets
Summary: Grantee is able to update secret content using the secret-set tool due to broad Kubernetes access policy. Implications are that it is possible, knowing a Kubernetes secret identifier e.g. name, to patch without affecting the secret, revealing the value, or, patching while affecting the...
Juju has unauthorized access to out-of-scope Kubernetes secrets
Summary: Grantee is able to update secret content using the secret-set tool due to broad Kubernetes access policy. Implications are that it is possible, knowing a Kubernetes secret identifier e.g. name, to patch without affecting the secret, revealing the value, or, patching while affecting the...
CVE-2026-32693
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...
CVE-2026-32693 Unauthorized access to Kubernetes secrets in Juju
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...
CVE-2026-32693
In Juju versions 3.0.0–3.6.18, the authorization of the secret-set tool is not performed correctly, allowing a grantee to update secret content and potentially read or update other secrets. When the secret-set tool logs an exploitation attempt error, the secret can still be updated, with the new ...
PT-2026-26057
Name of the Vulnerable Software and Affected Versions: Juju versions 3.0.0 through 3.6.18. Description: Juju’s authorization for the 'secret-set' tool is flawed, allowing a grantee to update secret content. Even when an error is logged during an exploitation attempt, the secret is still updated, and...
Juju security vulnerability
Juju is an open-source application orchestration engine from Canonical. Versions of Juju from 3.0.0 to 3.6.18 contained security vulnerabilities. These vulnerabilities were caused by incorrect authorization in the secret-set tool, which could allow authorized users to update key contents and read ...