CVE-2024-6984

Summary

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.

Affected Software

VendorProductVersion RangeStatus
Canonical Ltd.Juju3.5 < 3.5.3affected
Canonical Ltd.Juju3.4 < 3.4.5affected
Canonical Ltd.Juju3.3 < 3.3.5affected
Canonical Ltd.Juju3.1 < 3.1.9affected
Canonical Ltd.Juju2.9 < 2.9.50affected

Weaknesses

  • CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References