CVE-2024-7558 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-7558 PUBLISHED CVSS 8.699999809265137 HIGH

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

EPSS 0.20% · 41.8th percentile

Risk Scores

CVSS v3.1

8.699999809265137

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

EPSS Score

0.20%

41.8th percentile

Affected Products

Vendor	Product	Versions
Canonical Ltd.	Juju	3.5, 3.4, 3.1
canonical	juju	3.4, 3.3.0, 3.5.0
github.com	juju/juju	0, 0

Timeline

Oct 2, 2024 CVE Published
Oct 2, 2024 PoC Published
Oct 3, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 22, 2024 EPSS Score
Nov 9, 2024 EPSS Score
Nov 28, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 5, 2025 EPSS Score
Jan 23, 2025 EPSS Score
Feb 11, 2025 EPSS Score
Mar 1, 2025 EPSS Score

References

Open in Interactive Console →