Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8038

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

Published

2024-10-02T11:15:11.853

Last Modified

2025-08-26T17:44:59.090

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.9 (HIGH)

Weaknesses

Type: Secondary
CWE-420
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	canonical	juju	< 2.9.51	Yes
Application	canonical	juju	< 3.1.10	Yes
Application	canonical	juju	≤ 3.2.4	Yes
Application	canonical	juju	< 3.3.7	Yes
Application	canonical	juju	< 3.4.6	Yes
Application	canonical	juju	< 3.5.4	Yes

References

https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq Patch, Vendor Advisory ([email protected])
https://www.cve.org/CVERecord?id=CVE-2024-8038 Third Party Advisory ([email protected])