Attackers can exploit vulnerability in Juju hook tool to gain access to restrictive actions
CVE-2024-8037
Currently unrated 🤨
Key Information
- Vendor
- Juju
- Vendor
- CVE Published:
- 2 October 2024
Summary
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.
Timeline
Vulnerability published.
Collectors
NVD Database