CVE-2024-8037 MEDIUM

Vendor: Canonical Ltd.
Product: Juju
Published: October 2, 2024
Last update: November 1, 2024

CVSS base score

6.5/10
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01 Description

The Juju hook tool uses a vulnerable abstract UNIX domain socket. When combined with an attack on JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved for a Juju charm.
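
To check whether a host exposes such a socket, a defender can read /proc/net/unix, where abstract sockets are listed with a leading @ and carry no filesystem permissions. The following is an added example, not code from this record or from the Juju project; the sample rows are constructed and the function names are hypothetical.

```python
import os
import re

# Constructed sample in /proc/net/unix format (not captured from a real host).
SAMPLE_PROC_NET_UNIX = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 23456 @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket
0000000000000000: 00000002 00000000 00010000 0001 01 23457 /run/systemd/private
0000000000000000: 00000003 00000000 00000000 0001 03 23458
0000000000000000: 00000002 00000000 00010000 0001 01 23459 @/tmp/.X11-unix/X0
"""

# Abstract-namespace form of the agent socket name given in the description.
JUJU_AGENT_SOCKET = re.compile(r"^@/var/lib/juju/agents/unit-[^/]+/agent\.socket$")
SO_ACCEPTCON = 0x10000  # Flags bit set on listening sockets


def parse_unix_sockets(text):
    """Parse /proc/net/unix-formatted text into one dict per socket."""
    rows = []
    for line in text.splitlines():
        fields = line.split(None, 7)  # the path may contain spaces
        if len(fields) < 7 or fields[0] == "Num":
            continue  # header or malformed row
        path = fields[7] if len(fields) == 8 else ""  # unnamed sockets have no path
        rows.append({
            "inode": int(fields[6]),
            "listening": bool(int(fields[3], 16) & SO_ACCEPTCON),
            "abstract": path.startswith("@"),
            "path": path,
        })
    return rows


def exposed_juju_sockets(text):
    """Return listening abstract sockets that match the Juju agent socket name."""
    return [r["path"] for r in parse_unix_sockets(text)
            if r["abstract"] and r["listening"] and JUJU_AGENT_SOCKET.match(r["path"])]


if __name__ == "__main__":
    # Use the live table on Linux, otherwise fall back to the constructed sample.
    source = SAMPLE_PROC_NET_UNIX
    if os.path.exists("/proc/net/unix"):
        with open("/proc/net/unix") as fh:
            source = fh.read()
    for name in exposed_juju_sockets(source):
        print("abstract Juju agent socket reachable in this network namespace:", name)
```

/proc/net/unix only lists sockets in the network namespace of the reading process, so run the check from the namespace the unit agent uses.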

Key dates

02 Disclosure timeline

October 2, 2024: CVE published
November 1, 2024: Record updated