CVE-2024-6984
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical Ltd. | Juju | 3.5 < 3.5.3 | affected |
| Canonical Ltd. | Juju | 3.4 < 3.4.5 | affected |
| Canonical Ltd. | Juju | 3.3 < 3.3.5 | affected |
| Canonical Ltd. | Juju | 3.1 < 3.1.9 | affected |
| Canonical Ltd. | Juju | 2.9 < 2.9.50 | affected |
Weaknesses
- CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2
- https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx
- https://www.cve.org/CVERecord?id=CVE-2024-6984
References
- https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2
- https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx
- https://www.cve.org/CVERecord?id=CVE-2024-6984
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.