Moderate severityNVD Advisory· Published Oct 2, 2024· Updated Oct 2, 2024
CVE-2024-8038
CVE-2024-8038
Description
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/juju/jujuGo | < 0.0.0-20240829052008-43f0fc59790d | 0.0.0-20240829052008-43f0fc59790d |
Affected products
8- ghsa-coords7 versionspkg:golang/github.com/juju/jujupkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Package%20Hub%2012
< 0.0.0-20240829052008-43f0fc59790d+ 6 more
- (no CPE)range: < 0.0.0-20240829052008-43f0fc59790d
- (no CPE)range: < 0.0.20241030T212825-150000.1.9.1
- (no CPE)range: < 0.0.20241030T212825-150000.1.9.1
- (no CPE)range: < 0.0.20241030T212825-1.1
- (no CPE)range: < 0.0.20241030T212825-150000.1.9.1
- (no CPE)range: < 0.0.20241030T212825-150000.1.9.1
- (no CPE)range: < 0.0.20241104T154416-5.1
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-xwgj-vpm9-q2rqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-8038ghsaADVISORY
- github.com/juju/juju/blob/725800953aaa29dbeda4f806097bf838e61644dd/worker/introspection/worker.goghsaWEB
- github.com/juju/juju/commit/43f0fc59790d220a457d4d305f484f62be556d3bghsaWEB
- github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rqghsaissue-trackingWEB
- pkg.go.dev/vuln/GO-2024-3175ghsaWEB
- www.cve.org/CVERecordmitreissue-tracking
News mentions
0No linked articles in our index yet.