2 matches found
Juju has unauthorized update of out-of-scope Vault secrets
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
CVE-2026-32693
In Juju versions 3.0.0–3.6.18, the authorization of the secret-set tool is not performed correctly, allowing a grantee to update secret content and potentially read or update other secrets. When the secret-set tool logs an exploitation attempt error, the secret can still be updated, with the new ...