GHSA-6vjm-54vp-mxhx: Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm

August 5, 2024

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. A potential exploit where a user can run a bash loop attempting to execute hook tools. If running while another hook is executing, we log an error with the context ID, making it possible for the user to then use that ID in a following call successfully. This means an unprivileged user can access anything available via a hook tool such as config, relation data and secrets.

References

github.com/advisories/GHSA-6vjm-54vp-mxhx
github.com/juju/juju
github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2
github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx
nvd.nist.gov/vuln/detail/CVE-2024-6984

Detect and mitigate GHSA-6vjm-54vp-mxhx with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →