CVE-2024-7558

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-7558
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7558.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-7558
Aliases
Downstream
Related
Published
2024-10-02T11:15:11.460Z
Modified
2026-02-11T13:43:05.432637Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

JUJUCONTEXTID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJUCONTEXTID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

References

Affected packages

Git / github.com/juju/juju

Affected ranges

Type
GIT
Repo
https://github.com/juju/juju
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bc4db7b86800c81014d5c9ec1dabedbc99137596
Introduced
01a596920ff5a632babf5aacf485cc78fe1ed5df
Fixed
31b4b0914740b84ad8166993635ac797a44276de
Introduced
20a2e3972cb21b88ce8fdae7f54292da2e52aeff
Fixed
06aa5de95bf57f3cbbd33ea968a0bad85e561ee0
Introduced
6c24d578c38db28567c6774f7d51803b807a9c5d
Fixed
2634af3dab34358b2416e9d2d780c3c1b6e00d41
Introduced
924c9e190eb56d9a9324d9cc0dd9dd663c501ac4
Fixed
0ef13a91b3cccff77f3fb8544a265c28ddfe3fe1
Introduced
c7107ada8c471aa3ba105e5433e61861227e2ed4
Fixed
3052b293cbab49b1a2f994724d2c90e80954cfe3

Affected versions

v2.*
v2.9.48
v2.9.49
v3.*
v3.5.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7558.json"