CVE-2024-8037 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-8037 PUBLISHED CVSS 6.5 MEDIUM

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.

EPSS 0.10% · 26.4th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

EPSS Score

0.10%

26.4th percentile

Affected Products

Vendor	Product	Versions
github.com	juju/juju	0, 0
Canonical Ltd.	Juju	3.1, 2.9, 3.5
canonical	juju	3.5.0, 0, 3.1.0

Timeline

Oct 2, 2024 CVE Published
Oct 2, 2024 PoC Published
Oct 3, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 22, 2024 EPSS Score
Nov 1, 2024 Coalition ESS Score
Nov 9, 2024 EPSS Score
Nov 28, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 5, 2025 EPSS Score
Jan 23, 2025 EPSS Score
Feb 11, 2025 EPSS Score

References

Open in Interactive Console →