{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8038", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2024-08-21T01:05:01.458Z", "datePublished": "2024-10-02T10:12:38.806Z", "dateUpdated": "2024-10-02T13:53:24.639Z"}, "containers": {"cna": {"affected": [{"packageName": "juju", "product": "Juju", "vendor": "Canonical Ltd.", "repo": "https://github.com/juju/juju", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "3.5", "lessThan": "3.5.4", "versionType": "semver"}, {"status": "affected", "version": "3.4", "lessThan": "3.4.6", "versionType": "semver"}, {"status": "affected", "version": "3.3", "lessThan": "3.3.7", "versionType": "semver"}, {"status": "affected", "version": "3.1", "lessThan": "3.1.10", "versionType": "semver"}, {"status": "affected", "version": "2.9", "lessThan": "2.9.51", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-420", "description": "CWE-420", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["issue-tracking"], "url": "https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq"}, {"tags": ["issue-tracking"], "url": "https://www.cve.org/CVERecord?id=CVE-2024-8038"}], "credits": [{"lang": "en", "type": "finder", "value": "Harry Pidcock"}, {"lang": "en", "value": "Harry Pidcock", "type": "remediation developer"}, {"lang": "en", "value": "Mark Esler", "type": "coordinator"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", "baseScore": 7.9, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-10-02T10:12:38.806Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T13:52:58.112532Z", "id": "CVE-2024-8038", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T13:53:24.639Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8038", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T13:52:58.112532Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T13:53:15.437Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Harry Pidcock"}, {"lang": "en", "type": "remediation developer", "value": "Harry Pidcock"}, {"lang": "en", "type": "coordinator", "value": "Mark Esler"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"repo": "https://github.com/juju/juju", "vendor": "Canonical Ltd.", "product": "Juju", "versions": [{"status": "affected", "version": "3.5", "lessThan": "3.5.4", "versionType": "semver"}, {"status": "affected", "version": "3.4", "lessThan": "3.4.6", "versionType": "semver"}, {"status": "affected", "version": "3.3", "lessThan": "3.3.7", "versionType": "semver"}, {"status": "affected", "version": "3.1", "lessThan": "3.1.10", "versionType": "semver"}, {"status": "affected", "version": "2.9", "lessThan": "2.9.51", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "juju"}], "references": [{"url": "https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq", "tags": ["issue-tracking"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2024-8038", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-420", "description": "CWE-420"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-10-02T10:12:38.806Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8038", "state": "PUBLISHED", "dateUpdated": "2024-10-02T13:53:24.639Z", "dateReserved": "2024-08-21T01:05:01.458Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2024-10-02T10:12:38.806Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "matchCriteriaId": "956F1957-34C5-47D9-B922-107963295A1F", "versionEndExcluding": "2.9.51", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "matchCriteriaId": "32122910-827A-438E-B1DD-42C8E24D7F5D", "versionEndExcluding": "3.1.10", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA2EB481-D7FF-4A83-B7ED-A6FCE9AE1029", "versionEndIncluding": "3.2.4", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3C17769-1003-49A2-A87C-003A9E7E81CD", "versionEndExcluding": "3.3.7", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "matchCriteriaId": "6693CCDC-308E-40B3-BC8A-F9A2320A06F9", "versionEndExcluding": "3.4.6", "versionStartIncluding": "3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "matchCriteriaId": "62BC59FA-04DB-4AC3-977D-691ED721171F", "versionEndExcluding": "3.5.4", "versionStartIncluding": "3.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks."}, {"lang": "es", "value": "Socket de dominio UNIX abstracto de introspecci\u00f3n de juju vulnerable. Un socket de dominio UNIX abstracto responsable de la introspecci\u00f3n est\u00e1 disponible sin autenticaci\u00f3n localmente para los usuarios del espacio de nombres de la red. Esto permite ataques de denegaci\u00f3n de servicio."}], "id": "CVE-2024-8038", "lastModified": "2025-08-26T17:44:59.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 5.3, "source": "security@ubuntu.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-02T11:15:11.853", "references": [{"source": "security@ubuntu.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2024-8038"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-420"}], "source": "security@ubuntu.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}