Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-6984

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

An issue was discovered in Juju that resulted in the …

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.

References

https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2 patch
https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-6984 issue-tracking
https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2 patch
https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-6984 issue-tracking
https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2 patch x_transferred
https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx issue-tracking x_transferred
https://www.cve.org/CVERecord?id=CVE-2024-6984 issue-tracking x_transferred

Affected products

juju

<3.3.5
<2.9.50
<3.5.3
<3.1.9
<3.4.5

Matching in nixpkgs

pkgs.juju

Open source modelling tool for operating software in the cloud

nixos-unstable -
- nixpkgs-unstable 3.6.9

pkgs.jujutsu

Git-compatible DVCS that is both simple and powerful

nixos-unstable -
- nixpkgs-unstable 0.33.0

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

nixos-unstable -
- nixpkgs-unstable 0.2

Package maintainers

@RealityAnomaly Alex Zero <alex@arctarus.co.uk>
@emilazy Emily <nixpkgs@emily.moe>
@thoughtpolice Austin Seipp <aseipp@pobox.com>
@0x4A6F Joachim Ernst <mail-maintainer@0x4A6F.dev>
@bbigras Bruno Bigras <bigras.bruno@gmail.com>