Untriaged
Permalink
CVE-2024-8038
7.9 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): HIGH
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX …
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
References
- https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq issue-tracking
- https://www.cve.org/CVERecord?id=CVE-2024-8038 issue-tracking
Affected products
juju
- <3.4.6
- <2.9.51
- <3.1.10
- <3.5.4
- <3.3.7
Package maintainers
-
@RealityAnomaly Alex Zero <alex@arctarus.co.uk>
-
@emilazy Emily <nixpkgs@emily.moe>
-
@thoughtpolice Austin Seipp <aseipp@pobox.com>
-
@0x4A6F Joachim Ernst <mail-maintainer@0x4A6F.dev>
-
@bbigras Bruno Bigras <bigras.bruno@gmail.com>