Attackers can exploit vulnerability in Juju hook tool to gain access to restrictive actions

CVE-2024-8037
Currently unrated 🤨

Key Information

Vendor
Juju
Vendor
CVE Published:
2 October 2024

Summary

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.

Timeline

  • Vulnerability published.

Collectors

NVD Database
.