Juju
by Canonical
Source repositories
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9232 | Cri | 0.64 | 9.8 | 0.48 | May 28, 2017 | Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. | ||
| CVE-2026-4370 | Cri | 0.58 | 10.0 | 0.00 | Apr 1, 2026 | A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not… | ||
| CVE-2026-5412 | Cri | 0.57 | 9.9 | 0.00 | Apr 10, 2026 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive… | ||
| CVE-2026-5774 | Med | 0.35 | 6.4 | 0.00 | Apr 10, 2026 | Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token. | ||
| CVE-2025-68153 | Med | 0.35 | 6.5 | 0.00 | Apr 3, 2026 | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or… | ||
| CVE-2025-68152 | Med | 0.25 | 4.9 | 0.00 | Apr 3, 2026 | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised… | ||
| CVE-2026-32694 | 0.00 | — | 0.00 | Mar 18, 2026 | In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past… | |||
| CVE-2026-32693 | 0.00 | — | 0.00 | Mar 18, 2026 | In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation… | |||
| CVE-2026-32692 | 0.00 | — | 0.00 | Mar 18, 2026 | An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing… | |||
| CVE-2026-32691 | 0.00 | — | 0.00 | Mar 18, 2026 | A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated… | |||
| CVE-2025-0928 | 0.00 | — | 0.01 | Jul 8, 2025 | In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned… | |||
| CVE-2025-53513 | 0.00 | — | 0.01 | Jul 8, 2025 | The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running… | |||
| CVE-2025-53512 | 0.00 | — | 0.00 | Jul 8, 2025 | The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information. | |||
| CVE-2023-0092 | 0.00 | — | 0.01 | Jan 31, 2025 | An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. | |||
| CVE-2024-8038 | 0.00 | — | 0.00 | Oct 2, 2024 | Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. | |||
| CVE-2024-8037 | 0.00 | — | 0.00 | Oct 2, 2024 | Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are… | |||
| CVE-2024-7558 | 0.00 | — | 0.01 | Oct 2, 2024 | JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the… | |||
| CVE-2024-6984 | 0.00 | — | 0.00 | Jul 29, 2024 | An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. |
- risk 0.64cvss 9.8epss 0.48
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
- risk 0.58cvss 10.0epss 0.00
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not…
- risk 0.57cvss 9.9epss 0.00
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive…
- risk 0.35cvss 6.4epss 0.00
Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token.
- risk 0.35cvss 6.5epss 0.00
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or…
- risk 0.25cvss 4.9epss 0.00
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised…
- CVE-2026-32694Mar 18, 2026risk 0.00cvss —epss 0.00
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past…
- CVE-2026-32693Mar 18, 2026risk 0.00cvss —epss 0.00
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation…
- CVE-2026-32692Mar 18, 2026risk 0.00cvss —epss 0.00
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing…
- CVE-2026-32691Mar 18, 2026risk 0.00cvss —epss 0.00
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated…
- CVE-2025-0928Jul 8, 2025risk 0.00cvss —epss 0.01
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned…
- CVE-2025-53513Jul 8, 2025risk 0.00cvss —epss 0.01
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running…
- CVE-2025-53512Jul 8, 2025risk 0.00cvss —epss 0.00
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.
- CVE-2023-0092Jan 31, 2025risk 0.00cvss —epss 0.01
An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.
- CVE-2024-8038Oct 2, 2024risk 0.00cvss —epss 0.00
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
- CVE-2024-8037Oct 2, 2024risk 0.00cvss —epss 0.00
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are…
- CVE-2024-7558Oct 2, 2024risk 0.00cvss —epss 0.01
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the…
- CVE-2024-6984Jul 29, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.