Canonical Juju

10 matches found

added 2025/01/31 2:15 a.m., 92 views

CVE-2023-0092

An authenticated user who has read access to the Juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem.

CVSS: 4.9 | AI score: 5 | EPSS: 0.00135

added 2017/05/28 12:29 a.m., 57 views

CVE-2017-9232

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

CVSS: 10 | AI score: 9.4 | EPSS: 0.76534

added 2024/10/02 11:15 a.m., 55 views

CVE-2024-7558

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user acces...

CVSS: 8.7 | AI score: 6.9 | EPSS: 0.00014

added 2024/10/02 11:15 a.m., 53 views

CVE-2024-8038

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

CVSS: 7.9 | AI score: 7.2 | EPSS: 0.00014

added 2024/10/02 11:15 a.m., 51 views

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a ...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00007

added 2019/04/22 4:29 p.m., 39 views

CVE-2015-1316

Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00358

added 2024/07/29 2:15 p.m., 39 views

CVE-2024-6984

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00018

added 2025/07/08 5:16 p.m., 15 views

CVE-2025-53513

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the ...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00069

added 2025/07/08 6:15 p.m., 13 views

CVE-2025-0928

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or u...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00276

added 2025/07/08 5:16 p.m., 12 views

CVE-2025-53512

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00038