CVE-2024-8037

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-8037
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8037.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-8037
Aliases
Downstream
Related
Published
2024-10-02T11:15:11.690Z
Modified
2026-02-11T13:43:03.938796Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H CVSS Calculator
Summary
[none]
Details

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.

References

Affected packages

Git / github.com/juju/juju

Affected ranges

Type
GIT
Repo
https://github.com/juju/juju
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bc4db7b86800c81014d5c9ec1dabedbc99137596
Introduced
01a596920ff5a632babf5aacf485cc78fe1ed5df
Fixed
31b4b0914740b84ad8166993635ac797a44276de
Introduced
20a2e3972cb21b88ce8fdae7f54292da2e52aeff
Fixed
06aa5de95bf57f3cbbd33ea968a0bad85e561ee0
Introduced
6c24d578c38db28567c6774f7d51803b807a9c5d
Fixed
2634af3dab34358b2416e9d2d780c3c1b6e00d41
Introduced
924c9e190eb56d9a9324d9cc0dd9dd663c501ac4
Fixed
0ef13a91b3cccff77f3fb8544a265c28ddfe3fe1

Affected versions

v2.*
v2.9.48
v2.9.49
v3.*
v3.5.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8037.json"