An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 26 Aug 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical juju
CPEs cpe:2.3:a:canonical:juju:*:*:*:*:*:go:*:*
Vendors & Products Canonical
Canonical juju

Fri, 07 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 31 Jan 2025 02:15:00 +0000

Type Values Removed Values Added
Description An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2025-02-07T16:10:14.052Z

Reserved: 2023-01-05T20:43:04.614Z

Link: CVE-2023-0092

cve-icon Vulnrichment

Updated: 2025-02-07T16:10:01.326Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-31T02:15:28.550

Modified: 2025-08-26T17:48:55.930

Link: CVE-2023-0092

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.