CVE-2024-7558 — HIGH (8.7) — White Hats Nepal

Q: How severe is CVE-2024-7558?

CVE-2024-7558 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-7558?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Juju.

Vulnerability Description

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

CVSS Score

8.7

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canonical	Juju	< 2.9.51

Related Weaknesses (CWE)

CWE-340 CWE-335 CWE-337 CWE-1391 CWE-330

References

https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4ExploitPatchVendor Advisory
https://www.cve.org/CVERecord?id=CVE-2024-7558Third Party Advisory

FAQ

What is CVE-2024-7558?

CVE-2024-7558 is a vulnerability with a CVSS score of 8.7 (HIGH). JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an...

How severe is CVE-2024-7558?

CVE-2024-7558 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-7558?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Juju.