PT-2024-38763 · Canonical+1 · Juju+1
Harry Pidcock +4
Published: 2024-10-02 · Updated: 2025-08-26
CVE-2024-8037
CVSS v3.1: 6.5 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
juju versions prior to 2.9.51
juju versions prior to 3.1.10
juju versions prior to 3.3.7
juju versions prior to 3.4.6
juju versions prior to 3.5.4

Description: The abstract UNIX domain socket used by the juju hook tool is exposed without adequate access control. Combined with an attack on the JUJU_CONTEXT_ID value, any local user with access to the default network namespace can connect to /var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.

Recommendations:
For versions prior to 2.9.51, update to version 2.9.51 or later.
For versions prior to 3.1.10, update to version 3.1.10 or later.
For versions prior to 3.3.7, update to version 3.3.7 or later.
For versions prior to 3.4.6, update to version 3.4.6 or later.
For versions prior to 3.5.4, update to version 3.5.4 or later.
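The fix versions are per release series, so a plain "is my version older than 3.5.4" comparison gives wrong answers for a 2.9.x or 3.3.x agent. The following script is an added example, not part of this advisory or of the Juju project: it encodes the advisory's series-to-fix-version table and reports whether a given juju version string still needs the update. It assumes juju version strings start with X.Y.Z and may carry a suffix such as -genericlinux-amd64 or a pre-release tag such as -rc1; the `juju --version` invocation in the entry point is likewise an assumption about the client's output format.

```python
"""Check juju version strings against the CVE-2024-8037 fix versions (added example)."""
import re
import subprocess

# Fix version per affected release series, taken from the advisory's recommendations.
# Versions are (major, minor, patch, release_flag); release_flag 1 = final release,
# 0 = pre-release, so that e.g. 3.5.4-rc1 sorts below 3.5.4.
FIXED_VERSIONS = {
    (2, 9): (2, 9, 51, 1),
    (3, 1): (3, 1, 10, 1),
    (3, 3): (3, 3, 7, 1),
    (3, 4): (3, 4, 6, 1),
    (3, 5): (3, 5, 4, 1),
}

# Assumption: juju prints versions like "3.5.3-genericlinux-amd64" or "3.5.4-rc1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc)\d*)?")


def parse_version(text):
    """Parse a juju version string into a comparable tuple.

    Platform suffixes (-ubuntu-amd64, -genericlinux-arm64) are ignored; a
    pre-release tag (alpha/beta/rc) marks the version as sorting before the
    final release of the same X.Y.Z.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised juju version string: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)


def fix_version_for(version_text):
    """Return the advisory's fix version for this version's series, or None if
    the series is not listed in the advisory."""
    series = parse_version(version_text)[:2]
    fixed = FIXED_VERSIONS.get(series)
    if fixed is None:
        return None
    return f"{fixed[0]}.{fixed[1]}.{fixed[2]}"


def is_vulnerable(version_text):
    """True if the version is in an affected series and below its fix version,
    False if it is at or above the fix, None if the advisory does not cover
    the series (treat None as 'check the vendor', not as 'safe')."""
    v = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


def installed_version():
    """Assumption: the juju client is on PATH and `juju --version` prints the version."""
    out = subprocess.run(["juju", "--version"], capture_output=True, text=True, check=True)
    return out.stdout.strip()


if __name__ == "__main__":
    current = installed_version()
    verdict = is_vulnerable(current)
    if verdict is None:
        print(f"{current}: series not listed in PT-2024-38763; consult the vendor")
    elif verdict:
        print(f"{current}: affected by CVE-2024-8037, update to {fix_version_for(current)} or later")
    else:
        print(f"{current}: at or above the fix version for its series")
```

The series lookup is the point of the example: 3.3.6 is affected even though it is numerically "newer" than 2.9.51, and a version from a series the advisory does not name (3.6.x, 3.2.x) returns None rather than a false "safe".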

Fix

Weakness Enumeration
Improper Access Control
Incorrect Default Permissions

Related Identifiers
CVE-2024-8037
GHSA-8V4W-F4R9-7H6X
GHSA-FC27-7PF5-96V3
GO-2024-3174
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14447-1
OPENSUSE-SU-2024_3911-1
SUSE-SU-2024:3911-1

Affected Products
Suse
Juju