Headline

GHSA-85qf-6845-m8p2: Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references.

Original Description

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

1 month ago

ghsa

Open in Source

#vulnerability #dos #git #auth

GitHub Advisory Database
GitHub Reviewed
GHSA-85qf-6845-m8p2

Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

High severity GitHub Reviewed Published Oct 2, 2024 to the GitHub Advisory Database • Updated Oct 2, 2024

Withdrawn This advisory was withdrawn on Oct 2, 2024

Package

gomod github.com/juju/juju (Go)

Affected versions

< 0.0.0-20241001032836-2af7bd8e310b

Patched versions

0.0.0-20241001032836-2af7bd8e310b

Published by the National Vulnerability Database

Oct 2, 2024

Published to the GitHub Advisory Database

Oct 2, 2024

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

1 day ago

ghsa

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

1 day ago

ghsa

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

1 day ago

ghsa

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

1 day ago

ghsa

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

1 day ago

ghsa