Headline
GHSA-fc27-7pf5-96v3: Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-8v4w-f4r9-7h6x. This link is maintained to preserve external references.
Original Description
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-fc27-7pf5-96v3
Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket
Moderate severity GitHub Reviewed Published Oct 2, 2024 to the GitHub Advisory Database • Updated Oct 2, 2024
Withdrawn This advisory was withdrawn on Oct 2, 2024
Package
gomod github.com/juju/juju (Go)
Affected versions
< 0.0.0-20241001032836-2af7bd8e310b
Patched versions
0.0.0-20241001032836-2af7bd8e310b
Published by the National Vulnerability Database
Oct 2, 2024
Published to the GitHub Advisory Database
Oct 2, 2024