Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-85qf-6845-m8p2: Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references.

Original Description

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

ghsa
#vulnerability#dos#git#auth
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. GHSA-85qf-6845-m8p2

Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

High severity GitHub Reviewed Published Oct 2, 2024 to the GitHub Advisory Database • Updated Oct 2, 2024

Withdrawn This advisory was withdrawn on Oct 2, 2024

Package

gomod github.com/juju/juju (Go)

Affected versions

< 0.0.0-20241001032836-2af7bd8e310b

Patched versions

0.0.0-20241001032836-2af7bd8e310b

Published by the National Vulnerability Database

Oct 2, 2024

Published to the GitHub Advisory Database

Oct 2, 2024

ghsa: Latest News

GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames