CVE-2024-6984

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*
cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*
cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*
cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*
cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.8
v2 : unknown
v3 : 8.8
References () https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2 - Patch () https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2 - Patch
References () https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx - Exploit, Vendor Advisory () https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx - Exploit, Vendor Advisory
References () https://www.cve.org/CVERecord?id=CVE-2024-6984 - Third Party Advisory () https://www.cve.org/CVERecord?id=CVE-2024-6984 - Third Party Advisory

11 Sep 2024, 16:39

Type Values Removed Values Added
References () https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2 - () https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2 - Patch
References () https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx - () https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx - Exploit, Vendor Advisory
References () https://www.cve.org/CVERecord?id=CVE-2024-6984 - () https://www.cve.org/CVERecord?id=CVE-2024-6984 - Third Party Advisory
Summary
  • (es) Se descubrió un problema en Juju que resultó en la filtración del ID de contexto confidencial, que permite a un atacante local sin privilegios acceder a otros datos o relaciones confidenciales accesibles al acceso local.
CPE cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*
First Time Canonical
Canonical juju
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 3.8

29 Jul 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-29 14:15

Updated : 2024-11-21 09:50


NVD link : CVE-2024-6984

Mitre link : CVE-2024-6984

CVE.ORG link : CVE-2024-6984


JSON object : View

Products Affected

canonical

  • juju
CWE
CWE-209

Generation of Error Message Containing Sensitive Information