CVE-2023-0092

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/advisories/GHSA-x5rv-w9pm-8qp8	Vendor Advisory
https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:canonical:juju::::::go::*
	cpe:2.3:a:canonical:juju::::::go::*

History

26 Aug 2025, 17:48

Type	Values Removed	Values Added
First Time		Canonical Canonical juju
CPE		cpe:2.3:a:canonical:juju::::::go::*
References	~~() https://github.com/advisories/GHSA-x5rv-w9pm-8qp8 -~~	() https://github.com/advisories/GHSA-x5rv-w9pm-8qp8 - Vendor Advisory
References	~~() https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556 -~~	() https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556 - Patch

07 Feb 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) Un usuario autenticado que tiene acceso de lectura al modelo del controlador juju puede construir una solicitud remota para descargar un archivo arbitrario del sistema de archivos del controlador.
CWE		CWE-22

31 Jan 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-31 02:15

Updated : 2025-08-26 17:48

NVD link : CVE-2023-0092

Mitre link : CVE-2023-0092

CVE.ORG link : CVE-2023-0092

JSON object : View

Products Affected

canonical

juju

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

4.9 /10