juju — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in juju, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of known security vulnerabilities for Juju, a cloud orchestration software developed by Canonical Ltd. It primarily addresses weakness categories such as improper input validation, insufficient access control, and privilege escalation flaws within the platform’s architecture. The collection encompasses publicly disclosed security advisories, patch notes, and third-party reports spanning from the software’s early releases up to the most recent updates in 2024. Here, users can systematically track Canonical’s vulnerability disclosure timeline and cross-reference it with industry-wide advisories to understand the full scope of exposure. The data allows administrators to investigate specific weakness classes that affect Juju components, such as the controller and client tools, offering detailed technical context for each identified issue. Additionally, individuals can look up the complete vulnerability history of the Juju product to assess long-term security trends and mitigation effectiveness. This resource serves as a centralized reference for security researchers, system administrators, and compliance officers seeking to evaluate the risk posture of Juju deployments. By consolidating these disparate sources, the page facilitates informed decision-making regarding upgrades, configuration changes, and remediation strategies. It aims to provide clarity on how identified flaws impact system integrity and availability, ensuring that stakeholders have access to accurate and timely information necessary for maintaining secure cloud environments.

Vendor: Ubuntu

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5412 | Juju CloudSpec API could leak sensitive information | CWE-285 | 9.9 | Critical | 2026-04-10 |
| CVE-2026-5774 | Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map | CWE-362 | 8.8 | - | 2026-04-10 |
| CVE-2025-68153 | Juju: Resource poisoning | CWE-863 | 6.5 (AI) | Medium (AI) | 2026-04-03 |
| CVE-2025-68152 | Juju: Read All Controller Logs From Compromised Workload | CWE-863 | 6.5 (AI) | Medium (AI) | 2026-04-03 |
| CVE-2026-4370 | Improper TLS Client/Server authentication and certificate verification on Database Cluster | CWE-295 | 10.0 | Critical | 2026-04-01 |
| CVE-2026-32694 | Insecure Direct Object Reference attack via predictable secret ID in Juju | CWE-343 | 6.6 | Medium | 2026-03-18 |
| CVE-2026-32693 | Unauthorized access to Kubernetes secrets in Juju | CWE-863 | 8.8 | High | 2026-03-18 |
| CVE-2026-32692 | Unauthorized update of out-of-scope Vault secrets | CWE-285 | 7.6 | High | 2026-03-18 |
| CVE-2026-32691 | Timing ownership claim attack on new external back-end secrets | CWE-708 | 5.3 | Medium | 2026-03-18 |
| CVE-2026-1237 | Juju security vulnerability | CWE-672 | 8.8 (AI) | High (AI) | 2026-01-28 |
| CVE-2025-0928 | Arbitrary executable upload via authenticated endpoint | CWE-285 | 8.8 | High | 2025-07-08 |
| CVE-2025-53513 | Zip slip vulnerability in Juju | CWE-24 | 8.8 | High | 2025-07-08 |
| CVE-2025-53512 | Sensitive log retrieval in Juju | CWE-200 | 6.5 | Medium | 2025-07-08 |
| CVE-2023-0092 | ID has been reserved by CVE | | 4.9 | Medium | 2025-01-31 |
| CVE-2024-8038 | Juju security vulnerability | CWE-420 | 7.9 | High | 2024-10-02 |
| CVE-2024-8037 | Juju security vulnerability | | 6.5 | Medium | 2024-10-02 |
| CVE-2024-7558 | Juju security vulnerability | CWE-337 | 8.7 | High | 2024-10-02 |
| CVE-2024-6984 | Juju security vulnerability | CWE-209 | 8.8 | High | 2024-07-29 |
| CVE-2015-1316 | Juju Joyent provider uploads user's private ssh key by default | | 5.3 | - | 2019-04-22 |
