漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper TLS Client/Server authentication and certificate verification on Database Cluster
Vulnerability Description
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client certificates when a new node attempts to join the cluster. An unauthenticated attacker with network reachability to the Juju controller's Dqlite port can exploit this flaw to join the database cluster. Once joined, the attacker gains full read and write access to the underlying database, allowing for total data compromise.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
证书验证不恰当
Vulnerability Title
Juju 安全漏洞
Vulnerability Description
Juju是Canonical Juju开源的一个开源应用程序编排引擎。 Juju 3.2.0至3.6.19版本和4.0至4.0.4版本存在安全漏洞,该漏洞源于内部Dqlite数据库集群未能执行正确的TLS客户端和服务器身份验证,可能导致未经身份验证的攻击者加入数据库集群并获取对底层数据库的完全读写访问权限。
CVSS Information
N/A
Vulnerability Type
N/A