Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-6984 | 1 Canonical | 1 Juju | 2024-11-21 | N/A | 8.8 HIGH |
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. | |||||
CVE-2017-9232 | 1 Canonical | 1 Juju | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. | |||||
CVE-2015-1316 | 1 Canonical | 1 Juju | 2024-11-21 | 5.0 MEDIUM | 6.4 MEDIUM |
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key. |