| CVE-2017-9232 |
critical |
9.8 |
10.0 |
|
|
|
9y ago |
Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju |
| CVE-2026-5412 |
medium |
6.5 |
6.5 |
|
|
|
2mo ago |
Juju: CloudSpec method leaking cloud credentials |
| CVE-2026-5774 |
unknown |
— |
— |
|
|
|
2mo ago |
Juju: In-Memory Token Store for Discharge Tokens Lacks Concurrency Safety and Persistence |
| CVE-2025-68153 |
unknown |
— |
— |
|
|
|
2mo ago |
Juju has a resource poisoning vulnerability in github.com/juju/juju |
| CVE-2025-68152 |
unknown |
— |
— |
|
|
|
2mo ago |
Juju: Read All Controller Logs From Compromised Workload |
| CVE-2026-4370 |
unknown |
— |
— |
|
|
|
2mo ago |
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster |
| CVE-2026-32694 |
unknown |
— |
— |
|
|
|
3mo ago |
Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju |
| CVE-2026-32693 |
unknown |
— |
— |
|
|
|
3mo ago |
Juju has unauthorized access to out-of-scope Kubernetes secrets in github.com/juju/juju |
| CVE-2026-32692 |
unknown |
— |
— |
|
|
|
3mo ago |
Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju |
| CVE-2026-32691 |
unknown |
— |
— |
|
|
|
3mo ago |
Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju |
| CVE-2026-1237 |
unknown |
— |
— |
|
|
|
4mo ago |
Juju has broken CMR authorization in github.com/juju/juju |
| CVE-2025-0928 |
unknown |
— |
— |
|
|
|
11mo ago |
Juju allows arbitrary executable uploads via authenticated endpoint without authorization in github.com/juju/juju |
| CVE-2025-53512 |
unknown |
— |
— |
|
|
|
11mo ago |
Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization in github.com/juju/juju |
| CVE-2025-53513 |
unknown |
— |
— |
|
|
|
11mo ago |
Juju zip slip vulnerability via authenticated endpoint in github.com/juju/juju |
| CVE-2024-8038 |
unknown |
— |
— |
|
|
|
2y ago |
Vulnerable juju introspection abstract UNIX domain socket in github.com/juju/juju |
| CVE-2024-8037 |
unknown |
— |
— |
|
|
|
2y ago |
Vulnerable juju hook tool abstract UNIX domain socket in github.com/juju/juju |
| CVE-2024-7558 |
unknown |
— |
— |
|
|
|
2y ago |
JUJU_CONTEXT_ID is a predictable authentication secret in github.com/juju/juju |
| CVE-2024-6984 |
unknown |
— |
— |
|
|
|
2y ago |
CVE-2024-6984 in github.com/juju/juju |
| CVE-2023-0092 |
unknown |
— |
— |
|
|
|
3y ago |
Juju controller - Arbitrary file reading vulnerability |
