PT-2026-30121 · Canonical · Juju
Published 2026-04-03 · Updated 2026-04-06 · CVE-2025-68153
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Juju versions 2.9 through 2.9.55 and 3.6 through 3.6.18
Description
Juju, an application orchestration engine, allows any authenticated user, machine, or controller to modify application resources within a Juju controller. This impacts versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19.
Recommendations
Update to Juju version 2.9.56 or later.
Update to Juju version 3.6.19 or later.
Fix
Incorrect Authorization
Affected Products
Juju