Moderate severityNVD Advisory· Published Oct 2, 2024· Updated Nov 1, 2024

CVE-2024-8037

CVE-2024-8037

Description

The abstract UNIX domain socket used by the juju hook tools is vulnerable. Abstract sockets are not backed by a file, so filesystem permissions do not control who can connect to them. When combined with an attack on JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved for a juju charm.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/juju/juju (Go) | < 0.0.0-20240820065804-2f2ec128ef5a | 0.0.0-20240820065804-2f2ec128ef5a

Affected products

1

Patches

1
2f2ec128ef5a

fix: use unix domain socket file for agent socket

https://github.com/juju/jujuHarry PidcockAug 20, 2024via ghsa
2 files changed · +6 9
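--- a/worker/uniter/paths.go
+++ b/worker/uniter/paths.go
@@ -190,8 +190,8 @@ func NewWorkerPaths(dataDir string, unitTag names.UnitTag, worker string, socket
 		Runtime: RuntimePaths{
 			RemoteJujuRunSocket:     newSocket("run"),
 			RemoteJujucServerSocket: newSocket("agent"),
-			LocalJujuRunSocket:      newUnixSocket(baseDir, unitTag, worker, "run", false),
-			LocalJujucServerSocket:  newUnixSocket(baseDir, unitTag, worker, "agent", true),
+			LocalJujuRunSocket:      newUnixSocket(baseDir, unitTag, worker, "run"),
+			LocalJujucServerSocket:  newUnixSocket(baseDir, unitTag, worker, "agent"),
 		},
 		State: StatePaths{
 			BaseDir:         baseDir,
@@ -204,7 +204,7 @@ func NewWorkerPaths(dataDir string, unitTag names.UnitTag, worker string, socket
 	}
 }
 
-func newUnixSocket(baseDir string, unitTag names.UnitTag, worker string, name string, abstract bool) SocketPair {
+func newUnixSocket(baseDir string, unitTag names.UnitTag, worker string, name string) SocketPair {
 	socket := sockets.Socket{Network: "unix"}
 	if jujuos.HostOS() == jujuos.Windows {
 		base := fmt.Sprintf("%s", unitTag)
@@ -218,9 +218,6 @@ func newUnixSocket(baseDir string, unitTag names.UnitTag, worker string, name st
 	if worker != "" {
 		path = filepath.Join(baseDir, fmt.Sprintf("%s-%s.socket", worker, name))
 	}
-	if abstract {
-		path = "@" + path
-	}
 	socket.Address = path
 	return SocketPair{socket, socket}
 }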
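Review bot: With the `@` prefix gone, access to the agent socket is decided only by the mode and ownership of the socket file and of `baseDir`, and none of that is set or checked in `newUnixSocket` or anywhere else in these hunks. It is worth confirming that the listener creates the file with a restrictive mode and removes a stale file before binding; that presumably happens in the `sockets` package, which is not shown here. I would also add a doc comment so the abstract form is not reintroduced later, for example `// newUnixSocket returns a filesystem-backed unix socket. Abstract ("@") addresses must not be used: they are not protected by file permissions (CVE-2024-8037).` The part of `newUnixSocket` between the second and third hunks is outside the diff.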
    
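--- a/worker/uniter/paths_test.go
+++ b/worker/uniter/paths_test.go
@@ -100,7 +100,7 @@ func (s *PathsSuite) TestOther(c *gc.C) {
 	relAgent := relPathFunc(relData("agents", "unit-some-application-323"))
 
 	localRunSocket := sockets.Socket{Network: "unix", Address: relAgent("run.socket")}
-	localJujucSocket := sockets.Socket{Network: "unix", Address: "@" + relAgent("agent.socket")}
+	localJujucSocket := sockets.Socket{Network: "unix", Address: relAgent("agent.socket")}
 	c.Assert(paths, jc.DeepEquals, uniter.Paths{
 		ToolsDir: relData("tools/unit-some-application-323"),
 		Runtime: uniter.RuntimePaths{
@@ -135,7 +135,7 @@ func (s *PathsSuite) TestTCPRemote(c *gc.C) {
 	relData := relPathFunc(dataDir)
 	relAgent := relPathFunc(relData("agents", "unit-some-application-323"))
 	localRunSocket := sockets.Socket{Network: "unix", Address: relAgent("run.socket")}
-	localJujucSocket := sockets.Socket{Network: "unix", Address: "@" + relAgent("agent.socket")}
+	localJujucSocket := sockets.Socket{Network: "unix", Address: relAgent("agent.socket")}
 	remoteRunServerSocket := sockets.Socket{Network: "tcp", Address: ":30666", TLSConfig: socketConfig.TLSConfig}
 	remoteRunClientSocket := sockets.Socket{Network: "tcp", Address: "127.0.0.1:30666", TLSConfig: socketConfig.TLSConfig}
 	remoteJujucServerSocket := sockets.Socket{Network: "tcp", Address: ":30323", TLSConfig: socketConfig.TLSConfig}
@@ -170,7 +170,7 @@ func (s *PathsSuite) TestWorkerPaths(c *gc.C) {
 	relData := relPathFunc(dataDir)
 	relAgent := relPathFunc(relData("agents", "unit-some-application-323"))
 	localRunSocket := sockets.Socket{Network: "unix", Address: relAgent(worker + "-run.socket")}
-	localJujucSocket := sockets.Socket{Network: "unix", Address: "@" + relAgent(worker+"-agent.socket")}
+	localJujucSocket := sockets.Socket{Network: "unix", Address: relAgent(worker + "-agent.socket")}
 	c.Assert(paths, jc.DeepEquals, uniter.Paths{
 		ToolsDir: relData("tools/unit-some-application-323"),
 		Runtime: uniter.RuntimePaths{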
    


References

8
