Local Access to Unauthorized Introspection Abstract UNIX Domain Socket Leads to Service Denial
CVE-2024-8038

Currently unrated

Key Information:

Vendor: juju
Vendor: CVE Published:; 2 October 2024

Summary

A vulnerability exists in the Juju software related to an abstract UNIX domain socket that handles introspection processes. This socket is accessible locally by users within the same network namespace without requiring authentication. As a result, this flaw allows attackers to potentially disrupt services through denial of service attacks, compromising the reliability and availability of the software.

References

https://github.com/juju/juju/security/advisories/GHSA-xwg...

https://www.cve.org/CVERecord?id=CVE-2024-8038

Timeline

Vulnerability published
Oct 2, 2024