2017-05-28 02:29:00 2019-10-03 02:03:26

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE
Canonical Juju 2.1.0 Beta5 (not an official CPE) Canonical Juju 2.1.0 Beta4 (not an official CPE) Canonical Juju 2.1.0 Beta3 (not an official CPE) Canonical Juju 2.1.0 Beta2 (not an official CPE) Canonical Juju 2.1.0 Beta1 (not an official CPE) Canonical Juju 2.1.0 (not an official CPE) Canonical Juju 2.0.3 (not an official CPE) Canonical Juju 2.0.2 (not an official CPE) Canonical Juju 2.0.1 (not an official CPE) Canonical Juju 2.0.0 Rc3 (not an official CPE) Canonical Juju 2.0.0 Rc2 (not an official CPE) Canonical Juju 2.0.0 Rc1 (not an official CPE) Canonical Juju 2.0.0 Beta9 (not an official CPE) Canonical Juju 2.0.0 Beta8 (not an official CPE) Canonical Juju 2.0.0 Beta7 (not an official CPE) Canonical Juju 2.0.0 Beta6 (not an official CPE) Canonical Juju 2.0.0 Beta5 (not an official CPE) Canonical Juju 2.0.0 Beta4 (not an official CPE) Canonical Juju 2.0.0 Beta3 (not an official CPE) Canonical Juju 2.0.0 Beta2 (not an official CPE) Canonical Juju 2.0.0 Beta18 (not an official CPE) Canonical Juju 2.0.0 Beta17 (not an official CPE) Canonical Juju 2.0.0 Beta16 (not an official CPE) Canonical Juju 2.0.0 Beta15 (not an official CPE) Canonical Juju 2.0.0 Beta14 (not an official CPE) Canonical Juju 2.0.0 Beta13 (not an official CPE) Canonical Juju 2.0.0 Beta12 (not an official CPE) Canonical Juju 2.0.0 Beta11 (not an official CPE) Canonical Juju 2.0.0 Beta10 (not an official CPE) Canonical Juju 2.0.0 Beta1 (not an official CPE) Canonical Juju 2.1.0 Rc1 (not an official CPE) Canonical Juju 2.0.0 Alpha2 (not an official CPE) Canonical Juju 2.0.0 Alpha1 (not an official CPE) Canonical Juju 2.0.0 (not an official CPE) Canonical Juju 1.25.12 (not an official CPE) Canonical Juju 2.1.0 Rc2 (not an official CPE) Canonical Juju 2.1.1 (not an official CPE) Canonical Juju 2.1.2 (not an official CPE)