CVE-2025-53513

Published: 08 Jul 2025
Source: ubuntu
Priority: high
EPSS: Low
CVSS3: 8.8

Description

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.

| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| jammy | DNE | |
| noble | DNE | |
| plucky | DNE | |
| snap | released | 3.6.8 |
| upstream | released | 2.9.52, 3.6.8 |

EPSS: 0.00096 (Low), percentile 27%

CVSS3: 8.8 High

Related vulnerabilities

CVSS3: 8.8
nvd
7 months ago

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.

CVSS3: 8.8
debian
7 months ago

The /charms endpoint on a Juju controller lacked sufficient authorizat ...

CVSS3: 8.8
github
7 months ago

Juju zip slip vulnerability via authenticated endpoint
