Canonical: >> Juju Security Vulnerabilities
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-07-29
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
CVSS Score
6.4
EPSS Score
0.004
Published
2019-04-22
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
CVSS Score
9.8
EPSS Score
0.747
Published
2017-05-28