GHSA-8c64-q78q-87r6: Duplicate Advisory: Juju leaks of the sensitive context ID

July 29, 2024 (updated August 5, 2024)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-6vjm-54vp-mxhx. This link has been maintained to preserve external references.

Original Description

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.

References

github.com/advisories/GHSA-8c64-q78q-87r6
github.com/juju/juju
github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2
github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx
nvd.nist.gov/vuln/detail/CVE-2024-6984
www.cve.org/CVERecord?id=CVE-2024-6984

Code Behaviors & Features

Detect and mitigate GHSA-8c64-q78q-87r6 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →