pkg:Go/github.com/juju/juju

33 total CVEs | CRITICAL 4 | HIGH 14 | MEDIUM 13

All known vulnerabilities

  • CRITICAL 10.0 | CVE-2026-4370 | Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster
    from 0, <= 0.0.0-20260401092550-1c1ac1922b57
  • CRITICAL 9.9 | CVE-2026-5412 | Juju: CloudSpec method leaking cloud credentials
    from 0, < 0.0.0-20260408003526-d395054dc2c3
  • CRITICAL 9.8 | CVE-2017-9232 | Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju
    from 0, < 0.0.0-20170524231039-0417178a3c28
  • CRITICAL 9.8 | CVE-2017-9232 | Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju
    from 0, < 0.0.0-20170524231039-0417178a3c28
  • HIGH 8.8 | CVE-2026-32693 | Juju has unauthorized access to out-of-scope Kubernetes secrets
    >= 0.0.0-20221021155847-35c560704ee2, < 0.0.0-20260319091847-d06919eb03ec
  • HIGH 8.8 | CVE-2026-32693 | Juju has unauthorized access to out-of-scope Kubernetes secrets
    >= 0.0.0-20221021155847-35c560704ee2, < 0.0.0-20260319091847-d06919eb03ec
  • HIGH 8.8 | CVE-2025-0928 | Juju allows arbitrary executable uploads via authenticated endpoint without authorization
    from 0, < 0.0.0-20250619215741-4034aa13c7cf
  • HIGH 8.8 | CVE-2025-0928 | Juju allows arbitrary executable uploads via authenticated endpoint without authorization
    from 0
  • HIGH 8.8 | CVE-2025-53513 | Juju zip slip vulnerability via authenticated endpoint in github.com/juju/juju
    from 0, < 0.0.0-20250619215741-6356e984b82a
  • HIGH 8.8 | CVE-2025-53513 | Juju zip slip vulnerability via authenticated endpoint in github.com/juju/juju
    from 0, < 0.0.0-20250619215741-6356e984b82a
  • HIGH 8.8 | CVE-2024-6984 | CVE-2024-6984 in github.com/juju/juju
    from 0
  • HIGH 8.8 | CVE-2024-6984 | CVE-2024-6984 in github.com/juju/juju
    from 0, < 2.9.50
  • HIGH 8.7 | CVE-2024-7558 | JUJU_CONTEXT_ID is a predictable authentication secret in github.com/juju/juju
    from 0, < 0.0.0-20240826044107-ecd7e2d0e986
  • HIGH 8.7 | CVE-2024-7558 | JUJU_CONTEXT_ID is a predictable authentication secret in github.com/juju/juju
    from 0, < 0.0.0-20240826044107-ecd7e2d0e986
  • HIGH 7.9 | CVE-2024-8038 | Vulnerable juju introspection abstract UNIX domain socket
    from 0
  • HIGH 7.9 | CVE-2024-8038 | Vulnerable juju introspection abstract UNIX domain socket
    from 0, < 0.0.0-20240829052008-43f0fc59790d
  • HIGH 7.6 | CVE-2026-32692 | Juju has unauthorized update of out-of-scope Vault secrets
    >= 0.0.0-20230919230135-f6a66aa91eec, < 0.0.0-20260319091847-d06919eb03ec
  • HIGH 7.6 | CVE-2026-32692 | Juju has unauthorized update of out-of-scope Vault secrets
    >= 0.0.0-20230919230135-f6a66aa91eec, < 0.0.0-20260319091847-d06919eb03ec
  • MEDIUM 6.6 | CVE-2026-32694 | Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets
    >= 0.0.0-20221021155847-35c560704ee2, < 0.0.0-20260319091847-d06919eb03ec
  • MEDIUM 6.6 | CVE-2026-32694 | Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets
    >= 0.0.0-20221021155847-35c560704ee2, < 0.0.0-20260319091847-d06919eb03ec
  • MEDIUM 6.5 | CVE-2025-68153 | Juju has a resource poisoning vulnerability
    from 0, < 0.0.0-20260120044552-26ff93c903d5
  • MEDIUM 6.5 | CVE-2025-68153 | Juju has a resource poisoning vulnerability
    from 0, < 0.0.0-20260120044552-26ff93c903d5
  • MEDIUM 6.5 | CVE-2025-53512 | Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization in github.com/juju/juju
    from 0, < 0.0.0-20250619024904-402ff008dcc2
  • MEDIUM 6.5 | CVE-2025-53512 | Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization in github.com/juju/juju
    from 0, < 0.0.0-20250619024904-402ff008dcc2
  • MEDIUM 6.5 | CVE-2024-8037 | Vulnerable juju hook tool abstract UNIX domain socket in github.com/juju/juju
    from 0, < 0.0.0-20240820065804-2f2ec128ef5a
  • MEDIUM 6.5 | CVE-2024-8037 | Vulnerable juju hook tool abstract UNIX domain socket in github.com/juju/juju
    from 0, < 0.0.0-20240820065804-2f2ec128ef5a
  • MEDIUM 6.4 | CVE-2026-5774 | Juju: In-Memory Token Store for Discharge Tokens Lacks Concurrency Safety and Persistence
    from 0, < 0.0.0-20260408003526-d395054dc2c3
  • MEDIUM 5.3 | CVE-2026-32691 | Juju affected by timing ownership claim attack on new external back-end secrets
    >= 3.0.0, < 3.6.19
  • MEDIUM 5.3 | CVE-2026-32691 | Juju affected by timing ownership claim attack on new external back-end secrets
    from 0
  • MEDIUM 4.9 | CVE-2025-68152 | Juju: Read All Controller Logs From Compromised Workload
    from 0, < 0.0.0-20250623030540-c91a1f404695
  • MEDIUM 4.9 | CVE-2023-0092 | Juju controller - Arbitrary file reading vulnerability
    >= 2.9.22, < 2.9.38
  • CVE-2026-1237 | Juju has broken CMR authorization in github.com/juju/juju
    from 0, <= 0.0.0-20260127110037-9b1a0e53a4a4
  • CVE-2026-1237 | Juju has broken CMR authorization in github.com/juju/juju
    from 0