CVE-2024-8038
HIGH
juju < 2.9.51 - Unauthenticated Denial of Service via Introspection Abstract UNIX Domain Socket
Title source: llm
Description
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
References (2)
Core References
Patch, Vendor Advisory issue-tracking
https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq
Third Party Advisory issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-8038
Scores
CVSS v3
7.9
EPSS
0.0008
EPSS Percentile
22.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-420
Status
published
Products (2)
canonical/juju
< 2.9.51
juju/juju
0 - 0.0.0-20240829052008-43f0fc59790d
Go
Published
Oct 02, 2024
Tracked Since
Feb 18, 2026