CVE-2023-0092

Summary

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

Affected Software

VendorProductVersion RangeStatus
Canonical Ltd.Juju2.9.22 < 2.9.38affected
Canonical Ltd.Juju3.0.0 < 3.0.3affected
Canonical Ltd.Juju2.9.38 < 3.0.3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References