Skip to main content

Juju

17 CVEs product

Monthly

CVE-2026-5412 Go CRITICAL PATCH GHSA Act Now

Authorization bypass in Canonical Juju Controller facade allows authenticated users to extract bootstrap cloud credentials via CloudSpec API. Affects Juju 2.9.0-2.9.56 and 3.6.0-3.6.20. Low-privileged authenticated attackers can escalate privileges by accessing sensitive cloud provider credentials, enabling lateral movement to infrastructure resources. Network-accessible with low complexity (CVSS 9.9 Critical). No public exploit identified at time of analysis. Patch available in versions 2.9.57 and 3.6.21.

Authentication Bypass Juju
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-68153 Go HIGH PATCH GHSA This Week

Unauthorized resource modification in Juju application orchestration engine allows any authenticated controller user to tamper with application resources across the entire controller scope. Affects Juju 2.9.0-2.9.55 and 3.6.0-3.6.18. Patched in versions 2.9.56 and 3.6.19. EPSS score of 0.01% suggests low probability of mass exploitation. No active exploitation confirmed (not in CISA KEV). Authentication requirement (PR:L) limits attack surface to compromised credentials or malicious insiders.

Authentication Bypass Juju
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-68152 Go MEDIUM PATCH GHSA This Month

Juju application orchestration engine versions 2.9 to 2.9.55 and 3.6 to 3.6.18 allow a compromised workload machine to read arbitrary log files for any entity across any model without proper authorization checks. This authentication bypass (CWE-863) affects high-privilege scenarios where an attacker already controls a machine within a Juju-managed infrastructure, enabling lateral information disclosure to extract sensitive operational logs. The vulnerability has been patched in Juju 2.9.56 and 3.6.19.

Authentication Bypass Juju
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4370 Go CRITICAL PATCH GHSA Act Now

Unauthenticated remote database cluster compromise in Canonical Juju (versions 3.2.0-3.6.19 and 4.0-4.0.4) allows complete data exfiltration and manipulation through missing TLS certificate validation on Dqlite database endpoints. The controller's database cluster accepts unauthorized node joins from any network-accessible attacker, granting full read/write access to all stored credentials, configurations, and orchestration data. With CVSS 10.0 (AV:N/AC:L/PR:N/UI:N) and EPSS data unavailable, this represents a critical authentication bypass in infrastructure-as-code environments. No public exploit identified at time of analysis, though exploitation requires only network access to the Dqlite port without authentication complexity.

Information Disclosure Juju
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-32694 Go MEDIUM PATCH This Month

A predictable secret identifier (XID) vulnerability in Juju versions 3.0.0 through 3.6.18 allows a malicious grantee to enumerate and predict previously granted secrets owned by the same administrator, enabling unauthorized access to resources intended for other applications. An attacker with high privileges and control over at least one deployed application can exploit this to obtain credentials or configuration data from past secret grants, resulting in information disclosure and potential privilege escalation. While the CVSS score is moderate at 6.6 and exploitation requires specific configuration and high privileges, the fundamental weakness in secret ownership verification represents a significant trust boundary violation in Juju's secret management architecture.

Information Disclosure Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-32693 Go HIGH PATCH This Week

An authorization bypass vulnerability in Canonical's Juju versions 3.0.0 through 3.6.18 allows authenticated users with grantee privileges to incorrectly update secret content beyond their intended permissions, potentially accessing or modifying other secrets. The vulnerability (CWE-863: Incorrect Authorization) has a CVSS score of 8.8, indicating high severity with network-based exploitation requiring low attack complexity and low privileges. The flaw is particularly dangerous because even when exploitation attempts are logged as errors, the unauthorized secret updates still persist and become visible to both owners and grantees.

Authentication Bypass Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32692 Go HIGH PATCH This Week

An authorization bypass vulnerability exists in the Vault secrets back-end implementation of Canonical's Juju orchestration tool, allowing authenticated unit agents to perform unauthorized updates to secret revisions beyond their intended scope. Juju versions 3.1.6 through 3.6.18 are affected, and attackers with sufficient information can poison any existing secret revision within the Vault secret back-end scope. With a CVSS score of 7.6 (High severity) featuring network attack vector, low complexity, and high integrity impact, this represents a significant security concern for Juju deployments using Vault as their secrets back-end, though no active exploitation (KEV) status or EPSS score was provided in available data.

Hashicorp Authentication Bypass Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-32691 Go MEDIUM PATCH This Month

Juju 3.0.0 through 3.6.18 contains a race condition in secrets management that allows authenticated unit agents to intercept and claim ownership of newly created secrets due to a timing window between secret ID generation and revision creation. An attacker with valid unit agent credentials can exploit this to read the initial content of secrets intended for other units. The vulnerability requires local authentication and manual interaction but results in high-impact confidentiality disclosure with no available patch.

Information Disclosure Debian Juju Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-0928 Go HIGH POC PATCH This Week

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.

RCE Authentication Bypass Ubuntu Debian Juju +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-53513 Go HIGH POC PATCH This Week

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.

Information Disclosure Ubuntu Debian Juju Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-53512 Go MEDIUM POC PATCH This Month

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

Information Disclosure Ubuntu Debian Juju Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-0092 Go MEDIUM PATCH This Month

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Juju
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-8038 Go MEDIUM PATCH This Month

Vulnerable juju introspection abstract UNIX domain socket. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Juju
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-8037 Go MEDIUM PATCH This Month

Vulnerable juju hook tool abstract UNIX domain socket. Rated medium severity (CVSS 6.5). This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Juju
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7558 Go HIGH POC PATCH This Week

JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kubernetes Juju
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-6984 Go LOW POC PATCH Monitor

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Juju
NVD GitHub
CVSS 3.1
3.8
EPSS
0.4%
CVE-2017-9232 Go CRITICAL POC PATCH THREAT Act Now

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Authentication Bypass Privilege Escalation Juju
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
81.6%
Threat
5.9
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Authorization bypass in Canonical Juju Controller facade allows authenticated users to extract bootstrap cloud credentials via CloudSpec API. Affects Juju 2.9.0-2.9.56 and 3.6.0-3.6.20. Low-privileged authenticated attackers can escalate privileges by accessing sensitive cloud provider credentials, enabling lateral movement to infrastructure resources. Network-accessible with low complexity (CVSS 9.9 Critical). No public exploit identified at time of analysis. Patch available in versions 2.9.57 and 3.6.21.

Authentication Bypass Juju
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Unauthorized resource modification in Juju application orchestration engine allows any authenticated controller user to tamper with application resources across the entire controller scope. Affects Juju 2.9.0-2.9.55 and 3.6.0-3.6.18. Patched in versions 2.9.56 and 3.6.19. EPSS score of 0.01% suggests low probability of mass exploitation. No active exploitation confirmed (not in CISA KEV). Authentication requirement (PR:L) limits attack surface to compromised credentials or malicious insiders.

Authentication Bypass Juju
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Juju application orchestration engine versions 2.9 to 2.9.55 and 3.6 to 3.6.18 allow a compromised workload machine to read arbitrary log files for any entity across any model without proper authorization checks. This authentication bypass (CWE-863) affects high-privilege scenarios where an attacker already controls a machine within a Juju-managed infrastructure, enabling lateral information disclosure to extract sensitive operational logs. The vulnerability has been patched in Juju 2.9.56 and 3.6.19.

Authentication Bypass Juju
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Unauthenticated remote database cluster compromise in Canonical Juju (versions 3.2.0-3.6.19 and 4.0-4.0.4) allows complete data exfiltration and manipulation through missing TLS certificate validation on Dqlite database endpoints. The controller's database cluster accepts unauthorized node joins from any network-accessible attacker, granting full read/write access to all stored credentials, configurations, and orchestration data. With CVSS 10.0 (AV:N/AC:L/PR:N/UI:N) and EPSS data unavailable, this represents a critical authentication bypass in infrastructure-as-code environments. No public exploit identified at time of analysis, though exploitation requires only network access to the Dqlite port without authentication complexity.

Information Disclosure Juju
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A predictable secret identifier (XID) vulnerability in Juju versions 3.0.0 through 3.6.18 allows a malicious grantee to enumerate and predict previously granted secrets owned by the same administrator, enabling unauthorized access to resources intended for other applications. An attacker with high privileges and control over at least one deployed application can exploit this to obtain credentials or configuration data from past secret grants, resulting in information disclosure and potential privilege escalation. While the CVSS score is moderate at 6.6 and exploitation requires specific configuration and high privileges, the fundamental weakness in secret ownership verification represents a significant trust boundary violation in Juju's secret management architecture.

Information Disclosure Debian Juju +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An authorization bypass vulnerability in Canonical's Juju versions 3.0.0 through 3.6.18 allows authenticated users with grantee privileges to incorrectly update secret content beyond their intended permissions, potentially accessing or modifying other secrets. The vulnerability (CWE-863: Incorrect Authorization) has a CVSS score of 8.8, indicating high severity with network-based exploitation requiring low attack complexity and low privileges. The flaw is particularly dangerous because even when exploitation attempts are logged as errors, the unauthorized secret updates still persist and become visible to both owners and grantees.

Authentication Bypass Debian Juju +1
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

An authorization bypass vulnerability exists in the Vault secrets back-end implementation of Canonical's Juju orchestration tool, allowing authenticated unit agents to perform unauthorized updates to secret revisions beyond their intended scope. Juju versions 3.1.6 through 3.6.18 are affected, and attackers with sufficient information can poison any existing secret revision within the Vault secret back-end scope. With a CVSS score of 7.6 (High severity) featuring network attack vector, low complexity, and high integrity impact, this represents a significant security concern for Juju deployments using Vault as their secrets back-end, though no active exploitation (KEV) status or EPSS score was provided in available data.

Hashicorp Authentication Bypass Debian +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Juju 3.0.0 through 3.6.18 contains a race condition in secrets management that allows authenticated unit agents to intercept and claim ownership of newly created secrets due to a timing window between secret ID generation and revision creation. An attacker with valid unit agent credentials can exploit this to read the initial content of secrets intended for other units. The vulnerability requires local authentication and manual interaction but results in high-impact confidentiality disclosure with no available patch.

Information Disclosure Debian Juju +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.

RCE Authentication Bypass Ubuntu +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.

Information Disclosure Ubuntu Debian +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

Information Disclosure Ubuntu Debian +2
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Juju
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Vulnerable juju introspection abstract UNIX domain socket. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Juju
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerable juju hook tool abstract UNIX domain socket. Rated medium severity (CVSS 6.5). This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Juju
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC PATCH This Week

JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kubernetes Juju
NVD GitHub
EPSS 0% CVSS 3.8
LOW POC PATCH Monitor

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Juju
NVD GitHub
EPSS 82% 5.9 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Authentication Bypass Privilege Escalation Juju
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy