关键信息 CVE-2024-8038 CNA (Canonical Ltd.) - Published: 2024-10-02 - Updated: 2024-10-02 Description Vulnerable juju introspection abstract UNIX domain socket: An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. CWE (Common Weakness Enumeration) CWE-420: CWE-420 CVSS (Common Vulnerability Scoring System) Score: 7.9 Severity: HIGH Version: 3.1 Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H Product Status Vendor: Canonical Ltd. Product: Juju Platforms: Linux Affected Versions 3.5 before 3.5.4 3.4 before 3.4.6 3.3 before 3.3.7 3.1 before 3.1.10 2.9 before 2.9.51 Credits Harry Pidcock: finder, remediation developer Mark Esler: coordinator References GitHub: juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq CISA: CVE-2024-8038 Authorized Data Publishers CISA-ADP --- Additional Information Policies & Cookies: Terms of Use, Website Security Policy, Privacy Policy, Cookie Notice, Manage Cookies Media: News, Blogs, Podcasts, Email newsletter sign up Social Media: Twitter, LinkedIn, Instagram, YouTube, Twitch Contact: CVE Program Support, CNA Partners, CVE Website Support, CVE Program Idea Tracker