Products
juju
Source
security@ubuntu.com
Tags
CVE-2024-8038 details
Published : Oct. 2, 2024, 11:15 a.m.
Last Modified : Oct. 2, 2024, 11:15 a.m.
Last Modified : Oct. 2, 2024, 11:15 a.m.
Description
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.9 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-420 | Unprotected Alternate Channel | The product protects a primary channel, but it does not use the same level of protection for an alternate channel. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
Base Score
7.9
Exploitability Score
2.0
Impact Score
5.3
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
References
| URL | Source |
|---|---|
| https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq | security@ubuntu.com |
| https://www.cve.org/CVERecord?id=CVE-2024-8038 | security@ubuntu.com |
This website uses the NVD API, but is not approved or certified by it.