EUVD-2026-12817
GHSA-89x7-5m5m-mcmm
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Lifecycle Timeline
4Description
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.
Analysis
An authorization bypass vulnerability exists in the Vault secrets back-end implementation of Canonical's Juju orchestration tool, allowing authenticated unit agents to perform unauthorized updates to secret revisions beyond their intended scope. Juju versions 3.1.6 through 3.6.18 are affected, and attackers with sufficient information can poison any existing secret revision within the Vault secret back-end scope. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit all Juju deployments to identify those using Vault as the secrets backend and document affected versions; notify relevant teams and escalate to infrastructure leadership. Within 7 days: Implement access controls to restrict unit agent permissions, disable Vault secret backend if not critical, and isolate affected Juju controller networks. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today