Juju — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in Juju, with AI-generated Chinese analysis, references, and POCs.

Vendor: Ubuntu

CVE ID	Title	CVSS	Severity	Published
CVE-2026-5412	Juju CloudSpec API could leak senstive information CWE-285	9.9	Critical	2026-04-10
CVE-2026-5774	Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map CWE-362	8.8	-	2026-04-10
CVE-2025-68153	Juju: Resource poisoning CWE-863	6.5^AI	Medium^AI	2026-04-03
CVE-2025-68152	Juju: Read All Controller Logs From Compromised Workload CWE-863	6.5^AI	Medium^AI	2026-04-03
CVE-2026-4370	Improper TLS Client/Server authentication and certificate verification on Database Cluster CWE-295	10.0	Critical	2026-04-01
CVE-2026-32694	Insecure Direct Object Reference attack via predictable secret ID in Juju CWE-343	6.6	Medium	2026-03-18
CVE-2026-32693	Unauthorized access to Kubernetes secrets in Juju CWE-863	8.8	High	2026-03-18
CVE-2026-32692	Unauthorized update of out-of-scope Vault secrets CWE-285	7.6	High	2026-03-18
CVE-2026-32691	Timing ownership claim attack on new external back-end secrets CWE-708	5.3	Medium	2026-03-18
CVE-2026-1237	Juju 安全漏洞 CWE-672	8.8^AI	High^AI	2026-01-28
CVE-2025-0928	Arbitrary executable upload via authenticated endpoint CWE-285	8.8	High	2025-07-08
CVE-2025-53513	Zip slip vulnerability in Juju CWE-24	8.8	High	2025-07-08
CVE-2025-53512	Sensitive log retrieval in Juju CWE-200	6.5	Medium	2025-07-08
CVE-2023-0092	编号已被CVE保留	4.9	Medium	2025-01-31
CVE-2024-8038	Juju 安全漏洞 CWE-420	7.9	High	2024-10-02
CVE-2024-8037	Juju 安全漏洞	6.5	Medium	2024-10-02
CVE-2024-7558	Juju 安全漏洞 CWE-337	8.7	High	2024-10-02
CVE-2024-6984	Juju 安全漏洞 CWE-209	8.8	High	2024-07-29
CVE-2015-1316	Juju Joyent provider uploads user's private ssh key by default	5.3	-	2019-04-22

All 19 known CVE vulnerabilities affecting Juju with full Chinese analysis, references, and POCs where available.