Attackers can exploit vulnerability in Juju hook tool to gain access to restrictive actions
CVE-2024-8037
6.5MEDIUM
Summary
A local authorization bypass vulnerability exists in the Juju hook tool due to improper handling of UNIX domain sockets. This flaw allows any user on the local system with access to the default network namespace to connect to the agent socket located at @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket. By leveraging this vulnerability in conjunction with a specific JUJU_CONTEXT_ID, the attacker can perform actions typically restricted to Juju charms, potentially compromising the security of the affected Juju deployments.
Affected Version(s)
Juju Linux 3.5 < 3.5.4
Juju Linux 3.4 < 3.4.6
Juju Linux 3.3 < 3.3.7
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Credit
Pedro Guimaraes
Harry Pidcock
Mark Esler