CVE-2024-8038

EUVD-2024-3173
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.9 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
canonicalCNA
7.9 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
canonicaljuju
𝑥
< 2.9.51
canonicaljuju
3.1.0 ≤
𝑥
< 3.1.10
canonicaljuju
3.2.0 ≤
𝑥
≤ 3.2.4
canonicaljuju
3.3 ≤
𝑥
< 3.3.7
canonicaljuju
3.4 ≤
𝑥
< 3.4.6
canonicaljuju
3.5.0 ≤
𝑥
< 3.5.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq
https://www.cve.org/CVERecord?id=CVE-2024-8038