CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
github.com/juju/juju is vulnerable to Sensitive Information Exposure. The vulnerability is due to the leak of the sensitive context ID, allowing a local unprivileged attacker to access other sensitive data or relations accessible to the local charm.
github.com/advisories/GHSA-8c64-q78q-87r6
github.com/juju/juju/commit/5a25c2e56485c0192dde2e549f6db1d8681b9b93
github.com/juju/juju/commit/63d460f9ee6c7c710131961390687e7a0ab90470
github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2
github.com/juju/juju/commit/e5130b8c9e327c81818c849951575b9f3156307d
github.com/juju/juju/commit/fc6e5319436798de9ab65395c80438a7be8b436e
github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx
www.cve.org/CVERecord?id=CVE-2024-6984