CVE-2024-6984

Description

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

Canonical Ltd. / Juju3.5 – 3.5.3
Canonical Ltd. / Juju3.4 – 3.4.5
Canonical Ltd. / Juju3.3 – 3.3.5
Canonical Ltd. / Juju3.1 – 3.1.9
Canonical Ltd. / Juju2.9 – 2.9.50

References

PATCHhttps://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2
VENDOR_ADVISORYhttps://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx
CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2024-6984