CVE-2024-8037
MEDIUM EPSS 8.3%
Published Oct 2, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
6.5 CVSS 3.1
Description
The abstract UNIX domain socket used by the juju hook tool is vulnerable. When combined with an attack on JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved for a juju charm.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
8.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-276
Affected Products 6
References 2
- github.com https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x
- cve.org https://www.cve.org/CVERecord?id=CVE-2024-8037
Remediation
- github.com https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x