CVE-2024-6984

LOW EPSS 29.7%
Published Jul 29, 20241y ago · Modified Jun 17, 20262w ago
3.8 CVSS 3.1
Low
Find Similar
Published Jul 29, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.

CVSS Details

Base Score
3.8
Exploitability
2.0
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
29.7% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-209

Affected Products 5

VendorProductVersionRange
canonicaljuju*≥2.9  –  <2.9.50
canonicaljuju*≥3.1  –  <3.1.9
canonicaljuju*≥3.3  –  <3.3.6
canonicaljuju*≥3.4  –  <3.4.5
canonicaljuju*≥3.5  –  <3.5.3

References 3

  • github.com https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2
    Patch
  • github.com https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx
    ExploitVendor Advisory
  • cve.org https://www.cve.org/CVERecord?id=CVE-2024-6984
    Third Party Advisory

Remediation

  • github.com https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2
    Patch