Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-53512

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 months ago

Sensitive log retrieval in Juju

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

References

https://github.com/juju/juju/security/advisories/GHSA-r64v-82fh-xc63

Affected products

juju

<3.6.8
<2.9.52

Matching in nixpkgs

pkgs.juju

Open source modelling tool for operating software in the cloud

nixos-unstable -
- nixpkgs-unstable 3.6.9

pkgs.jujutsu

Git-compatible DVCS that is both simple and powerful

nixos-unstable -
- nixpkgs-unstable 0.33.0

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

nixos-unstable -
- nixpkgs-unstable 0.2

Package maintainers

@RealityAnomaly Alex Zero <alex@arctarus.co.uk>
@emilazy Emily <nixpkgs@emily.moe>
@thoughtpolice Austin Seipp <aseipp@pobox.com>
@0x4A6F Joachim Ernst <mail-maintainer@0x4A6F.dev>
@bbigras Bruno Bigras <bigras.bruno@gmail.com>