GHSA-85qf-6845-m8p2: Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

October 2, 2024

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references.

Original Description

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

References

github.com/advisories/GHSA-85qf-6845-m8p2
github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq
nvd.nist.gov/vuln/detail/CVE-2024-8038
www.cve.org/CVERecord?id=CVE-2024-8038

Code Behaviors & Features

Detect and mitigate GHSA-85qf-6845-m8p2 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →