Hpidcock

**Name of the Vulnerable Software and Affected Versions** juju versions prior to 2.9.51 juju versions prior to 3.1.10 juju versions prior to 3.3.7 juju versions prior to 3.4.6 juju versions prior to 3.5.4 **Description** The `JUJU CONTEXT ID` is a predictable authentication secret. On a Juju machine or Juju charm container, an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the `JUJU CONTEXT ID` value. This gives the unprivileged user access to the same information and tools as the Juju charm. The `JUJU CONTEXT ID` has components including the application name, unit number, current hook, and a uint63 decimal number. The random number generator used is not cryptographically secure, making it highly predictable. There is no rate limiting on the abstract domain socket, allowing an unprivileged user to try multiple connections. **Recommendations** For versions prior to 2.9.51, upgrade to version 2.9.51 or later. For versions prior to 3.1.10, upgrade to version 3.1.10 or later. For versions prior to 3.3.7, upgrade to version 3.3.7 or later. For versions prior to 3.4.6, upgrade to version 3.4.6 or later. For versions prior to 3.5.4, upgrade to version 3.5.4 or later.

Name of the Vulnerable Software and Affected Versions: juju versions prior to 2.9.51 juju versions prior to 3.1.10 juju versions prior to 3.3.7 juju versions prior to 3.4.6 juju versions prior to 3.5.4 Description: The juju hook tool's abstract UNIX domain socket is vulnerable. When combined with an attack of `JUJU CONTEXT ID`, any user on the local system with access to the default network namespace may connect to the `/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket` and perform actions that are normally reserved to a juju charm. Recommendations: For versions prior to 2.9.51, update to version 2.9.51 or later. For versions prior to 3.1.10, update to version 3.1.10 or later. For versions prior to 3.3.7, update to version 3.3.7 or later. For versions prior to 3.4.6, update to version 3.4.6 or later. For versions prior to 3.5.4, update to version 3.5.4 or later.

Name of the Vulnerable Software and Affected Versions: juju versions prior to 2.9.51 juju versions prior to 3.1.10 juju versions prior to 3.3.7 juju versions prior to 3.4.6 juju versions prior to 3.5.4 Description: The issue concerns an abstract UNIX domain socket used for juju introspection, which is available without authentication locally to network namespace users. This enables denial of service attacks. Specifically, on a juju controller agent, denial of service can be performed by using the "/leases/revoke" endpoint, which can cause availability issues. On a juju machine agent hosting units, disabling the unit component can be performed using the "/units" endpoint with a "stop" action. Recommendations: For versions prior to 2.9.51, update to version 2.9.51 or later. For versions prior to 3.1.10, update to version 3.1.10 or later. For versions prior to 3.3.7, update to version 3.3.7 or later. For versions prior to 3.4.6, update to version 3.4.6 or later. For versions prior to 3.5.4, update to version 3.5.4 or later. As a temporary workaround, consider restricting access to the "/leases/revoke" and "/units" endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pebble versions prior to 1.10.2 Pebble versions 1.1.1, 1.4.2, and 1.7.4 are fixed versions, but all versions prior to 1.10.2 are considered vulnerable. **Description** The issue allows unprivileged local users to read files with root-equivalent permissions when Pebble is running as root. This is due to the read-file API and the associated pebble pull command allowing access from any user, instead of just admin. If an attacker gains local access to the container host, they could hit the Pebble `GET /v1/files?action=read` API and read any file in the workload container, including sensitive information such as ssh keys or database passwords. **Recommendations** For Pebble versions prior to 1.10.2, update to version 1.10.2 or later to resolve the issue. For Pebble versions prior to 1.1.1, 1.4.2, and 1.7.4, update to the respective fixed version to resolve the issue. As a temporary workaround, consider restricting access to the Pebble `GET /v1/files?action=read` API to minimize the risk of exploitation.