CVE-2024-8037

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-8037
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8037.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-8037
Aliases
Downstream
Related
Published
2024-10-02T11:15:11Z
Modified
2025-08-27T09:01:15.869781Z
Summary
[none]
Details

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.

References

Affected packages

Git / github.com/juju/juju

Affected ranges

Type
GIT
Repo
https://github.com/juju/juju
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bc4db7b86800c81014d5c9ec1dabedbc99137596

Affected versions

2.*

2.8-rc1
2.8.0

Other

juju-

juju-1.*

juju-1.19.3
juju-1.19.4
juju-1.21-alpha1
juju-1.21-alpha2
juju-1.21-alpha3
juju-1.24-alpha1
juju-1.24-beta1
juju-1.24-beta2
juju-1.24-beta3
juju-1.24-beta4
juju-1.24-beta5
juju-1.24-beta6
juju-1.25-alpha1
juju-1.25-beta1
juju-1.25.0
juju-1.26-alpha1
juju-1.26-alpha2
juju-1.26-alpha3

juju-2.*

juju-2.0-alpha1
juju-2.0-alpha2
juju-2.0-beta1
juju-2.0-beta10
juju-2.0-beta11
juju-2.0-beta12
juju-2.0-beta13
juju-2.0-beta14
juju-2.0-beta15
juju-2.0-beta16
juju-2.0-beta17
juju-2.0-beta18
juju-2.0-beta2
juju-2.0-beta3
juju-2.0-beta4
juju-2.0-beta5
juju-2.0-beta6
juju-2.0-beta7
juju-2.0-beta8
juju-2.0-beta9
juju-2.0-rc1
juju-2.0-rc2
juju-2.0-rc3
juju-2.0.0
juju-2.1-beta1
juju-2.1-beta2
juju-2.1-beta3
juju-2.1-beta4
juju-2.1-beta5
juju-2.1-rc1
juju-2.1-rc2
juju-2.1.0
juju-2.1.1
juju-2.1.2
juju-2.2-alpha1
juju-2.2-beta1
juju-2.2-beta2
juju-2.2-beta3
juju-2.2-beta4
juju-2.2-rc1
juju-2.2-rc2
juju-2.2-rc3
juju-2.2.0
juju-2.2.1
juju-2.2.2
juju-2.2.3
juju-2.2.4
juju-2.2.5
juju-2.2.6
juju-2.2.7
juju-2.2.8
juju-2.2.9
juju-2.3-beta1
juju-2.3-beta2
juju-2.3-beta3
juju-2.3-rc1
juju-2.3-rc2
juju-2.3.0
juju-2.3.1
juju-2.3.2
juju-2.3.3
juju-2.3.4
juju-2.3.5
juju-2.3.6
juju-2.3.7
juju-2.3.8
juju-2.3.9
juju-2.4-beta1
juju-2.4-beta2
juju-2.4-beta3
juju-2.4-rc1
juju-2.4-rc2
juju-2.4-rc3
juju-2.4.0
juju-2.4.1
juju-2.4.2
juju-2.4.3
juju-2.4.4
juju-2.4.5
juju-2.4.6
juju-2.4.7
juju-2.5-beta1
juju-2.5-beta2
juju-2.5-beta3
juju-2.5-rc1
juju-2.5-rc2
juju-2.5.0
juju-2.5.1
juju-2.5.2
juju-2.5.3
juju-2.5.4
juju-2.5.5
juju-2.5.6
juju-2.5.7
juju-2.5.8
juju-2.6-beta1
juju-2.6-beta2
juju-2.6-rc1
juju-2.6-rc2
juju-2.6.0
juju-2.6.1
juju-2.6.10
juju-2.6.2
juju-2.6.3
juju-2.6.4
juju-2.6.5
juju-2.6.6
juju-2.6.7
juju-2.6.9
juju-2.7-beta1
juju-2.7-rc1
juju-2.7-rc2
juju-2.7-rc3
juju-2.7-rc4
juju-2.7-rc5
juju-2.7-rc6
juju-2.7.0
juju-2.7.1
juju-2.7.2
juju-2.7.3
juju-2.7.4
juju-2.7.5
juju-2.7.6
juju-2.7.7
juju-2.8-beta1
juju-2.8-rc1
juju-2.8-rc2
juju-2.8-rc3
juju-2.8.0
juju-2.8.1
juju-2.8.10
juju-2.8.11
juju-2.8.2
juju-2.8.3
juju-2.8.4
juju-2.8.5
juju-2.8.6
juju-2.8.7
juju-2.8.8
juju-2.8.9
juju-2.9-beta1
juju-2.9-rc1
juju-2.9-rc10
juju-2.9-rc11
juju-2.9-rc12
juju-2.9-rc2
juju-2.9-rc3
juju-2.9-rc4
juju-2.9-rc5
juju-2.9-rc6
juju-2.9-rc7
juju-2.9-rc8
juju-2.9-rc9
juju-2.9.0
juju-2.9.1
juju-2.9.10
juju-2.9.11
juju-2.9.12
juju-2.9.13
juju-2.9.14
juju-2.9.15
juju-2.9.16
juju-2.9.17
juju-2.9.18
juju-2.9.19
juju-2.9.2
juju-2.9.20
juju-2.9.21
juju-2.9.22
juju-2.9.23
juju-2.9.24
juju-2.9.25
juju-2.9.26
juju-2.9.27
juju-2.9.28
juju-2.9.29
juju-2.9.3
juju-2.9.30
juju-2.9.31
juju-2.9.32
juju-2.9.33
juju-2.9.34
juju-2.9.35
juju-2.9.36
juju-2.9.37
juju-2.9.38
juju-2.9.39
juju-2.9.4
juju-2.9.40
juju-2.9.41
juju-2.9.42
juju-2.9.43
juju-2.9.44
juju-2.9.5
juju-2.9.6
juju-2.9.7
juju-2.9.8
juju-2.9.9

v2.*

v2.9.45
v2.9.46
v2.9.47
v2.9.48
v2.9.49