What is CVE-2024-8038?

CVE-2024-8038 is a high-severity vulnerability in Canonical Ltd. Juju, classified under Unprotected Alternate Channel. CVSS score: 7.9/10. Published 2024-10-02.

How severe is CVE-2024-8038?

High severity. CVSS v3 base score is 7.9 out of 10.

Vulnerability in Canonical Ltd. Juju

CVE-2024-8038

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

EPSS: 0.001 (22.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.9 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H.

Affected products

Canonical Ltd. Juju — versions 3.5, 3.4, 3.3

Weakness classification (CWE)

CWE-420 — Unprotected Alternate Channel

References

github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq (issue-tracking)
www.cve.org/CVERecord (issue-tracking)

Frequently asked questions

What is CVE-2024-8038?: CVE-2024-8038 is a high-severity vulnerability in Canonical Ltd. Juju, classified under Unprotected Alternate Channel. CVSS score: 7.9/10. Published 2024-10-02.
How severe is CVE-2024-8038?: High severity. CVSS v3 base score is 7.9 out of 10.