Risk Scores
CVSS v3.1
7.900000095367432
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
EPSS Score
0.08%
22.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | juju/juju | 0, 0 |
| canonical | juju | 3.5.0, 3.1.0, 3.2.0 |
| Canonical Ltd. | Juju | 3.1, 2.9, 3.5 |
Timeline
- Oct 2, 2024 CVE Published
- Oct 2, 2024 PoC Published
- Oct 3, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 22, 2024 EPSS Score
- Nov 1, 2024 Coalition ESS Score
- Nov 9, 2024 EPSS Score
- Nov 28, 2024 EPSS Score
- Dec 17, 2024 EPSS Score
- Jan 5, 2025 EPSS Score
- Jan 23, 2025 EPSS Score
- Feb 11, 2025 EPSS Score
References
- https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq issue
- https://www.cve.org/CVERecord?id=CVE-2024-8038 issue
- https://nvd.nist.gov/vuln/detail/CVE-2024-8038 advisory
- https://github.com/juju/juju/commit/43f0fc59790d220a457d4d305f484f62be556d3b url
- https://github.com/juju/juju package
- https://github.com/juju/juju/blob/725800953aaa29dbeda4f806097bf838e61644dd/worker/introspection/worker.go#L125 url
- https://pkg.go.dev/vuln/GO-2024-3175 url