Wallyworld

Name of the Vulnerable Software and Affected Versions: Juju (affected versions not specified) Description: The issue concerns the "/log" endpoint on a Juju controller, which lacked sufficient authorization checks. This allowed unauthorized users to access debug messages that could contain sensitive information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Juju (affected versions not specified) Description: The issue concerns a lack of sufficient authorization checks in the "/charms" endpoint on a Juju controller, allowing any user with an account to upload a charm. This could be exploited by uploading a malicious charm that takes advantage of a Zip Slip vulnerability, potentially granting an attacker access to a machine running a unit through the affected charm. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.