漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Unauthorized update of out-of-scope Vault secrets
Vulnerability Description
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
授权机制不恰当
Vulnerability Title
Juju 安全漏洞
Vulnerability Description
Juju是Canonical Juju开源的一个开源应用程序编排引擎。 Juju 3.1.6至3.6.18版本存在安全漏洞,该漏洞源于Vault密钥后端实现存在授权绕过,可能导致经过身份验证的单位代理对密钥修订执行未经授权的更新。
CVSS Information
N/A
Vulnerability Type
N/A