CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9312
https://notcve.org/view.php?id=CVE-2024-9312
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. • https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2 https://www.cve.org/CVERecord?id=CVE-2024-9312 • CWE-286: Incorrect User Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9313
https://notcve.org/view.php?id=CVE-2024-9313
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. El módulo PAM de Authd anterior a la versión 0.3.5 puede permitir que los usuarios administrados por el broker se hagan pasar por cualquier otro usuario administrado por el mismo broker y realicen cualquier operación PAM con él, incluida la autenticación como ellos. • https://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787 https://www.cve.org/CVERecord?id=CVE-2024-9313 •
CVSS: 7.9EPSS: 0%CPEs: 5EXPL: 0CVE-2024-8038
https://notcve.org/view.php?id=CVE-2024-8038
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. • https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq https://www.cve.org/CVERecord?id=CVE-2024-8038 • CWE-420: Unprotected Alternate Channel •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-8037
https://notcve.org/view.php?id=CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. • https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x https://www.cve.org/CVERecord?id=CVE-2024-8037 • CWE-276: Incorrect Default Permissions •
CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-7558
https://notcve.org/view.php?id=CVE-2024-7558
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. • https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4 https://www.cve.org/CVERecord?id=CVE-2024-7558 • CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) CWE-340: Generation of Predictable Numbers or Identifiers CWE-1391: Use of Weak Credentials •