Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is i
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authen
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local cha
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an
Deserialization of Untrusted Data vulnerability in ModelTheme QRMenu Restaurant QR Menu Lite qrmenu-lite allows Object Injection.This issue affects QRMenu Restaurant QR Menu Lite: from n/a through <=
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership.
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membershi
A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component
Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through < 2.8.2.
This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tab
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Pag
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret re
Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Ja
A vulnerability has been found in juzaweb CMS up to 3.4.2 and classified as critical. This vulnerability affects unknown code of the file /admin-cp/setting/system/general of the component General Sett
Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through 1.7.
Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or poss
Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through < 4.0.1.
A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argumen
A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross s
A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulatio
Page 1+ Next →