CVE-2024-8038

Summary

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

Affected Software

VendorProductVersion RangeStatus
Canonical Ltd.Juju3.5 < 3.5.4affected
Canonical Ltd.Juju3.4 < 3.4.6affected
Canonical Ltd.Juju3.3 < 3.3.7affected
Canonical Ltd.Juju3.1 < 3.1.10affected
Canonical Ltd.Juju2.9 < 2.9.51affected

Weaknesses

  • CWE-420: CWE-420

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References