Local Data Leak Vulnerability in Juju by Canonical
CVE-2024-6984

3.8LOW

Key Information:

Vendor: Canonical
Status: Juju
Vendor: CVE Published:; 29 July 2024

Summary

A vulnerability in Juju allows local unprivileged attackers to exploit a leak of sensitive context IDs. This flaw permits unauthorized access to potentially sensitive information or relational data accessible to the local charm, raising significant privacy and security concerns for affected users.

References

https://github.com/juju/juju/commit/da929676853092a29ddf8...

https://github.com/juju/juju/security/advisories/GHSA-6vj...

https://www.cve.org/CVERecord?id=CVE-2024-6984

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 29, 2024