Canonical: >> Juju Security Vulnerabilities
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
CVSS Score
7.9
EPSS Score
0.001
Published
2024-10-02
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-29
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
CVSS Score
6.4
EPSS Score
0.004
Published
2019-04-22
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
CVSS Score
9.8
EPSS Score
0.816
Published
2017-05-28
Page 2