UBUNTU-CVE-2025-6224

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-6224

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6224.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-6224

Upstream

CVE-2025-6224

Published

2025-07-01T11:15:00Z

Modified

2025-07-14T07:16:37.143245Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.

References

Affected packages

Ubuntu:Pro:18.04:LTS / golang-github-juju-utils

Package

Name: golang-github-juju-utils
Purl: pkg:deb/ubuntu/golang-github-juju-utils@0.0~git20171220.f38c0b0-4?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20171220.f38c0b0-3

0.0~git20171220.f38c0b0-4

Ubuntu:Pro:20.04:LTS / golang-github-juju-utils

Package

Name: golang-github-juju-utils
Purl: pkg:deb/ubuntu/golang-github-juju-utils@0.0~git20171220.f38c0b0-5?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20171220.f38c0b0-5

Ubuntu:22.04:LTS / golang-github-juju-utils

Package

Name: golang-github-juju-utils
Purl: pkg:deb/ubuntu/golang-github-juju-utils@0.0~git20200923.4646bfe-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20171220.f38c0b0-6

0.0~git20200923.4646bfe-1

Ubuntu:24.04:LTS / golang-github-juju-utils

Package

Name: golang-github-juju-utils
Purl: pkg:deb/ubuntu/golang-github-juju-utils@0.0~git20200923.4646bfe-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20200923.4646bfe-1

Ubuntu:25.04 / golang-github-juju-utils

Package

Name: golang-github-juju-utils
Purl: pkg:deb/ubuntu/golang-github-juju-utils@0.0~git20200923.4646bfe-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20200923.4646bfe-1