VDB

CVE-2017-9232

CVE-2017-9232 PUBLISHED

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

EPSS 79.95% · 99.1th percentile

Risk Scores

EPSS Score
79.95%
99.1th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSjuju-core2.0.2-0ubuntu0.16.04.1, 2.0~beta12-0ubuntu1.16.04.1, 2.0~beta15-0ubuntu2.16.04.1
Ubuntu:16.04:LTSjuju-core-11.25.6-0ubuntu1.16.04.1, 1.25.5-0ubuntu3, 1.25.5-0ubuntu1
Ubuntu:14.04:LTSjuju-core1.18.1-0ubuntu1, 1.18.4+dfsg-0ubuntu0.14.04.1, 1.20.11-0ubuntu0.14.04.1

Timeline

  • May 26, 2017 CVE Published
  • Feb 11, 2018 PoC Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Sep 14, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›