JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 26 Aug 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical juju
Weaknesses CWE-330
CWE-335
CPEs cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*
Vendors & Products Canonical
Canonical juju

Wed, 02 Oct 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 02 Oct 2024 10:30:00 +0000

Type Values Removed Values Added
Description JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
Weaknesses CWE-1391
CWE-337
CWE-340
References
Metrics cvssV3_1

{'score': 8.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2024-10-02T13:59:04.171Z

Reserved: 2024-08-06T13:45:13.579Z

Link: CVE-2024-7558

cve-icon Vulnrichment

Updated: 2024-10-02T13:58:58.178Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-02T11:15:11.460

Modified: 2025-08-26T17:42:37.967

Link: CVE-2024-7558

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.