Juju Core's Joyent provider before version 1.25.5 uploads the user's private SSH key.
CVSS: 7.5
AI Score: 7.5
EPSS: 0.002
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
CVSS: 9.8
AI Score: 9.4
EPSS: 0.223
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relations accessible to the local charm.
CVSS: 8.8
AI Score: 8.4
EPSS: 0.0004