VYPR
Moderate severityNVD Advisory· Published Oct 2, 2024· Updated Oct 2, 2024

CVE-2024-7558

CVE-2024-7558

Description

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/juju/jujuGo
< 0.0.0-20240826044107-ecd7e2d0e9860.0.0-20240826044107-ecd7e2d0e986

Affected products

8

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.