VYPR
Moderate severityNVD Advisory· Published Oct 2, 2024· Updated Nov 1, 2024

CVE-2024-8037

CVE-2024-8037

Description

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/juju/jujuGo
< 0.0.0-20240820065804-2f2ec128ef5a0.0.0-20240820065804-2f2ec128ef5a

Affected products

8

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.