Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7558

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

Published

2024-10-02T11:15:11.460

Last Modified

2025-08-26T17:42:37.967

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.7 (HIGH)

Weaknesses

Type: Secondary
CWE-337
CWE-340
CWE-1391
Type: Primary
CWE-330
CWE-335

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	canonical	juju	< 2.9.51	Yes
Application	canonical	juju	< 3.1.10	Yes
Application	canonical	juju	< 3.2.4	Yes
Application	canonical	juju	< 3.3.7	Yes
Application	canonical	juju	< 3.4.6	Yes
Application	canonical	juju	< 3.5.4	Yes

References

https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4 Exploit, Patch, Vendor Advisory ([email protected])
https://www.cve.org/CVERecord?id=CVE-2024-7558 Third Party Advisory ([email protected])