GHSA-8c64-q78q-87r6

Опубликовано: 29 июл. 2024

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Duplicate Advisory: Juju leaks of the sensitive context ID

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-6vjm-54vp-mxhx. This link has been maintained to preserve external references.

Original Description

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.

Ссылки

https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx
https://nvd.nist.gov/vuln/detail/CVE-2024-6984
https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2
https://www.cve.org/CVERecord?id=CVE-2024-6984

Пакеты

Наименование

github.com/juju/juju

Затронутые версииВерсия исправления

< 2.9.50

2.9.50

8.8 High

CVSS3

Дефекты

CWE-209

8.8 High

CVSS3

Дефекты

CWE-209