Headline

GHSA-85qf-6845-m8p2: Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references.

Original Description

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

1 month ago

ghsa

Open in Source

#vulnerability #dos #git #auth

GitHub Advisory Database
GitHub Reviewed
GHSA-85qf-6845-m8p2

Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

High severity GitHub Reviewed Published Oct 2, 2024 to the GitHub Advisory Database • Updated Oct 2, 2024

Withdrawn This advisory was withdrawn on Oct 2, 2024

Package

gomod github.com/juju/juju (Go)

Affected versions

< 0.0.0-20241001032836-2af7bd8e310b

Patched versions

0.0.0-20241001032836-2af7bd8e310b

Published by the National Vulnerability Database

Oct 2, 2024

Published to the GitHub Advisory Database

Oct 2, 2024

ghsa: Latest News

GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames

13 hours ago

ghsa

GHSA-c2f5-jxjv-2hh8: Wasmtime doesn't fully sandbox all the Windows device filenames

13 hours ago

ghsa

GHSA-4cf2-cxp3-rjr7: HAPI FHIR XML External Entity (XXE) vulnerability

16 hours ago

ghsa

GHSA-v2qh-f584-6hj8: @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

17 hours ago

ghsa

GHSA-5wmg-9cvh-qw25: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

17 hours ago

ghsa