VDB
CVE-2024-8038
PUBLISHED
CVSS 7.9 HIGH
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
EPSS 0.08% · 23.0th percentile
Risk Scores
CVSS 3.1
7.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
EPSS Score
0.08%
23.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | juju/juju | 0, 0 |
| canonical | juju | 3.4, 3.5.0, 3.2.0 |
| Canonical Ltd. | Juju | 3.3, 3.1, 2.9 |
Exploit Intelligence
Timeline
- Oct 2, 2024 CVE Published
- Oct 2, 2024 PoC Published
- Oct 3, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 22, 2024 EPSS Score
- Nov 1, 2024 Coalition ESS Score
- Nov 10, 2024 EPSS Score
- Nov 29, 2024 EPSS Score
- Dec 19, 2024 EPSS Score
- Jan 7, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 14, 2025 EPSS Score
References
- https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq issue
- https://www.cve.org/CVERecord?id=CVE-2024-8038 issue
- https://nvd.nist.gov/vuln/detail/CVE-2024-8038 advisory
- https://github.com/juju/juju/commit/43f0fc59790d220a457d4d305f484f62be556d3b url
- https://github.com/juju/juju package
- https://github.com/juju/juju/blob/725800953aaa29dbeda4f806097bf838e61644dd/worker/introspection/worker.go#L125 url
- https://pkg.go.dev/vuln/GO-2024-3175 url