File Download Vulnerability in Juju Controller by Canonical
CVE-2023-0092
4.9MEDIUM
What is CVE-2023-0092?
An authenticated user with read access to the Juju controller model can craft a remote request to download arbitrary files from the controller's filesystem, potentially leading to unauthorized access to sensitive information. This vulnerability highlights the risks associated with insufficient access controls for users able to interact with the Juju controller.
Affected Version(s)
Juju Linux 2.9.22 < 2.9.38
Juju Linux 3.0.0 < 3.0.3
Juju Linux 2.9.38 < 3.0.3