Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Timing ownership claim attack on new external back-end secrets
Vulnerability Description
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit agent can claim ownership of a known secret. This leads to the attacking unit being able to read the content of the initial secret revision.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
不正确的属主授予
Vulnerability Title
Juju 安全漏洞
Vulnerability Description
Juju是Canonical Juju开源的一个开源应用程序编排引擎。 Juju 3.6.18及之前版本存在安全漏洞,该漏洞源于密钥管理子系统存在竞争条件,可能导致经过身份验证的单位代理获取新初始化密钥的所有权并读取其内容。
CVSS Information
N/A
Vulnerability Type
N/A