PT-2023-16007 · Canonical · Juju
Published 2023-03-01 · Updated 2025-01-31
CVE-2023-0092
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
juju versions prior to 2.9.38
juju versions prior to 3.0.3
Description
An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem.
Recommendations
For versions prior to 2.9.38, update to version 2.9.38 or later.
For versions prior to 3.0.3, update to version 3.0.3 or later.
As a temporary workaround, limit read access to the controller model to only trusted users.
Fix
Path traversal
Affected Products
Juju