Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee.
AnalysisAI
An authorization bypass vulnerability in Canonical's Juju versions 3.0.0 through 3.6.18 allows authenticated users with grantee privileges to incorrectly update secret content beyond their intended permissions, potentially accessing or modifying other secrets. The vulnerability (CWE-863: Incorrect Authorization) has a CVSS score of 8.8, indicating high severity with network-based exploitation requiring low attack complexity and low privileges. The flaw is particularly dangerous because even when exploitation attempts are logged as errors, the unauthorized secret updates still persist and become visible to both owners and grantees.
Technical ContextAI
Juju is Canonical's open-source application modeling and deployment tool used for orchestrating cloud services and applications. The affected component is the 'secret-set' tool within Juju (cpe:2.3:a:canonical:juju), which manages secrets used in application deployments. The vulnerability stems from CWE-863 (Incorrect Authorization), where the authorization checks fail to properly validate whether a grantee has the authority to modify specific secrets. This allows privilege escalation within the secrets management system, where users can manipulate secrets outside their granted scope. The flaw affects the core secret management functionality, a critical component for secure credential and configuration management in multi-tenant cloud environments.
RemediationAI
Organizations should upgrade Canonical Juju to version 3.6.19 or later as soon as possible, following guidance in the official security advisory at https://github.com/juju/juju/security/advisories/GHSA-439w-v2p7-pggc. Until patching can be completed, implement strict network segmentation to limit access to Juju controllers, enforce principle of least privilege by auditing and restricting secret grantee permissions, and implement enhanced monitoring for secret modification activities to detect unauthorized access attempts. Review all existing secret grants and revoke unnecessary permissions, and consider rotating secrets that may have been exposed during the vulnerable period.
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate pe
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent bina
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on t
JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access deb
Unauthenticated remote database cluster compromise in Canonical Juju (versions 3.2.0-3.6.19 and 4.0-4.0.4) allows comple
Authorization bypass in Canonical Juju Controller facade allows authenticated users to extract bootstrap cloud credentia
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged
An authorization bypass vulnerability exists in the Vault secrets back-end implementation of Canonical's Juju orchestrat
Unauthorized resource modification in Juju application orchestration engine allows any authenticated controller user to
Juju application orchestration engine versions 2.9 to 2.9.55 and 3.6 to 3.6.18 allow a compromised workload machine to r
A predictable secret identifier (XID) vulnerability in Juju versions 3.0.0 through 3.6.18 allows a malicious grantee to
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allVendor StatusVendor
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| (unstable) | fixed | (unfixed) | - |
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12819
GHSA-439w-v2p7-pggc