VDB

CVE-2024-7558

CVE-2024-7558 PUBLISHED CVSS 8.699999809265137 HIGH

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

EPSS 0.20% · 41.8th percentile

Risk Scores

CVSS 3.1
8.699999809265137
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
EPSS Score
0.20%
41.8th percentile

Affected Products

VendorProductVersions
Canonical Ltd.Juju3.5, 3.4, 3.1
canonicaljuju3.5.0, 3.4, 0
github.comjuju/juju0, 0

Timeline

  • Oct 2, 2024 CVE Published
  • Oct 2, 2024 PoC Published
  • Oct 3, 2024 EPSS Score
  • Oct 5, 2024 Coalition ESS Score
  • Oct 22, 2024 EPSS Score
  • Nov 10, 2024 EPSS Score
  • Nov 29, 2024 EPSS Score
  • Dec 19, 2024 EPSS Score
  • Jan 7, 2025 EPSS Score
  • Jan 26, 2025 EPSS Score
  • Feb 14, 2025 EPSS Score
  • Mar 6, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›