PT-2026-30120 · Canonical · Juju
Published: 2026-04-03 · Updated: 2026-04-03
CVE-2025-68152
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Juju versions 2.9 through 2.9.55 and 3.6 through 3.6.18
Description
A compromised workload machine under a Juju controller could potentially read any log file for any entity in any model at any level. This affects the application orchestration engine Juju.
Recommendations
Update to Juju version 2.9.56 or later.
Update to Juju version 3.6.19 or later.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Juju