Moderate severityNVD Advisory· Published Jul 8, 2025· Updated Jul 8, 2025
Sensitive log retrieval in Juju
CVE-2025-53512
Description
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/juju/jujuGo | < 0.0.0-20250619024904-402ff008dcc2 | 0.0.0-20250619024904-402ff008dcc2 |
Affected products
3- ghsa-coords2 versions
< 0.0.0-20250619024904-402ff008dcc2+ 1 more
- (no CPE)range: < 0.0.0-20250619024904-402ff008dcc2
- (no CPE)range: < 0.0.20250730T213748-1.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-r64v-82fh-xc63ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-53512ghsaADVISORY
- github.com/juju/juju/commit/402ff008dcc2cb57f4441968628637efb5c2a662ghsaWEB
- github.com/juju/juju/commit/c91a1f4046956874ba77c8b398aecee3d61a2dc3ghsaWEB
- github.com/juju/juju/security/advisories/GHSA-r64v-82fh-xc63ghsaWEB
News mentions
0No linked articles in our index yet.