Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-0092

4.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 months ago

An authenticated user who has read access to the juju …

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

References

https://github.com/advisories/GHSA-x5rv-w9pm-8qp8 issue-tracking
https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556 patch
https://github.com/advisories/GHSA-x5rv-w9pm-8qp8 issue-tracking
https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556 patch

Affected products

juju

<2.9.38
<3.0.3

Matching in nixpkgs

pkgs.juju

Open source modelling tool for operating software in the cloud

nixos-unstable -
- nixpkgs-unstable 3.6.9

pkgs.jujutsu

Git-compatible DVCS that is both simple and powerful

nixos-unstable -
- nixpkgs-unstable 0.33.0

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

nixos-unstable -
- nixpkgs-unstable 0.2

Package maintainers

@RealityAnomaly Alex Zero <alex@arctarus.co.uk>
@emilazy Emily <nixpkgs@emily.moe>
@thoughtpolice Austin Seipp <aseipp@pobox.com>
@0x4A6F Joachim Ernst <mail-maintainer@0x4A6F.dev>
@bbigras Bruno Bigras <bigras.bruno@gmail.com>