canonical juju CVE Vulnerabilities (19)

CVEs: 19 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting canonical juju (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 119 of 19 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-5774 Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token. [email protected] 6.0 0.24% 2026-04-10 2026-06-17
CVE-2026-5412 In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issue is resolved in Juju versions 2.9.57 and 3.6.21. [email protected] 9.9 0.45% 2026-04-10 2026-06-17
CVE-2025-68153 Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This issue has been patched in versions 2.9.56 and 3.6.19. [email protected] 7.1 0.23% 2026-04-03 2026-06-17
CVE-2025-68152 Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju controller can read any log file for any entity in any model at any level. This issue has been patched in versions 2.9.56 and 3.6.19. [email protected] 6.9 0.36% 2026-04-03 2026-06-17
CVE-2026-4370 A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client certificates when a new node attempts to join the cluster. An unauthenticated attacker with network reachability to the Juju controller's Dqlite port can exploit this flaw to join the database cluster. Once join [email protected] 10.0 0.38% 2026-04-01 2026-06-17
CVE-2026-32694 In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the same secret owner to different grantees, allowing them to use the resources granted by those past secrets. Successful exploitation relies on a very specific configuration, specific data semantic, and the [email protected] 6.6 0.27% 2026-03-18 2026-06-17
CVE-2026-32693 In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee. [email protected] 8.8 0.30% 2026-03-18 2026-06-17
CVE-2026-32692 An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end. [email protected] 7.6 0.17% 2026-03-18 2026-06-17
CVE-2026-32691 A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit agent can claim ownership of a known secret. This leads to the attacking unit being able to read the content of the initial secret revision. [email protected] 5.3 0.23% 2026-03-18 2026-06-17
CVE-2025-0928 In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution. [email protected] 8.8 0.57% 2025-07-08 2026-06-17
CVE-2025-53513 The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm. [email protected] 8.8 0.65% 2025-07-08 2026-06-17
CVE-2025-53512 The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information. [email protected] 6.5 0.32% 2025-07-08 2026-06-17
CVE-2023-0092 An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. [email protected] 4.9 0.60% 2025-01-30 2026-06-17
CVE-2024-8038 Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. [email protected] 7.9 0.21% 2024-10-02 2026-06-17
CVE-2024-8037 Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. [email protected] 6.5 0.18% 2024-10-02 2026-06-17
CVE-2024-7558 JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. [email protected] 8.7 0.50% 2024-10-02 2026-06-17
CVE-2024-6984 An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. [email protected] 8.8 0.38% 2024-07-29 2026-06-17
CVE-2015-1316 Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key. [email protected] 6.4 1.16% 2019-04-22 2026-06-16
CVE-2017-9232 Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. [email protected] 9.8 48.50% 2017-05-27 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence