Nixpkgs security tracker

Dismissed

Permalink CVE-2023-0092

4.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 1 year, 2 months ago by @fricklerhandwerk Activity log

Created automatic suggestion 1 year, 2 months ago
@fricklerhandwerk dismissed 1 year, 2 months ago

An authenticated user who has read access to the juju …

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

References

https://github.com/advisories/GHSA-x5rv-w9pm-8qp8 issue-tracking
https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556 patch
https://github.com/advisories/GHSA-x5rv-w9pm-8qp8 issue-tracking
https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556 patch

Affected products

juju

<3.0.3
<2.9.38

Matching in nixpkgs

pkgs.juju

Open source modelling tool for operating software in the cloud

nixos-unstable 3.5.4
- nixpkgs-unstable 3.5.4
- nixos-unstable-small 3.5.4

Package maintainers

@RealityAnomaly Alex Zero <alex@arctarus.co.uk>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.juju

Package maintainers