Products
juju
Source
security@ubuntu.com
CVE-2024-8037 details
Published : Oct. 2, 2024, 11:15 a.m.
Last Modified : Oct. 2, 2024, 11:15 a.m.
Description
The juju hook tool's abstract UNIX domain socket is vulnerable. When combined with an attack on JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.
CVSS Score
6.5
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
6.5
Exploitability Score
1.0
Impact Score
5.5
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
References
URL | Source |
---|---|
https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x | security@ubuntu.com |
https://www.cve.org/CVERecord?id=CVE-2024-8037 | security@ubuntu.com |