GHSA-x5rv-w9pm-8qp8

Опубликовано: 01 мар. 2023

Источник: github

Github: Прошло ревью

CVSS3: 4.9

Описание

Juju controller - Arbitrary file reading vulnerability

Impact

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

Patches

Patched in juju 2.9.38 and juju 3.0.3 juju/juju#ef803e2

Workarounds

Limit read access to the controller model to only trusted users.

Ссылки

Пакеты

Наименование

github.com/juju/juju

Затронутые версииВерсия исправления

>= 2.9.22, < 2.9.38

2.9.38

Наименование

github.com/juju/juju

Затронутые версииВерсия исправления

>= 3.0.0, < 3.0.3

3.0.3

EPSS

Процентиль: 53%

0.00298

Низкий

4.9 Medium

CVSS3

CVE ID

CVE-2023-0092

Дефекты

CWE-22

CWE-73

Связанные уязвимости

CVE-2023-0092

CVSS3: 4.9

ubuntu

около 1 года назад

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

CVE-2023-0092

CVSS3: 4.9

nvd

около 1 года назад

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

CVE-2023-0092

CVSS3: 4.9

debian

около 1 года назад

An authenticated user who has read access to the juju controller model ...

EPSS

Процентиль: 53%

0.00298

Низкий

4.9 Medium

CVSS3

CVE ID

CVE-2023-0092

Дефекты

CWE-22

CWE-73