CVE-2017-9232
Description
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
81.605
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| next generation service orchestration system (USN-3300-1) juju_2.0.2-0ubuntu0.16.04.2_all.deb | Linux |
| next generation service orchestration system (USN-3300-1) juju_2.0.2-0ubuntu0.16.10.2_amd64.deb | Linux |
| next generation service orchestration system (USN-3300-1) juju_1.25.6-0ubuntu1.14.04.2_all.deb | Linux |
| next generation service orchestration system (USN-3300-1) juju-2.0_2.0.2-0ubuntu0.16.04.2_i386.deb | Linux |
| next generation service orchestration system (USN-3300-1) juju-2.0_2.0.2-0ubuntu0.16.04.2_amd64.deb | Linux |
| next generation service orchestration system (USN-3300-1) juju-2.0_2.0.2-0ubuntu0.16.10.2_amd64.deb | Linux |
| next generation service orchestration system (USN-3300-1) juju-core_1.25.6-0ubuntu1.14.04.2_i386.deb | Linux |
| next generation service orchestration system (USN-3300-1) juju-core_1.25.6-0ubuntu1.14.04.2_amd64.deb | Linux |
| next generation service orchestration system (USN-3300-1) juju-local_1.25.6-0ubuntu1.14.04.2_all.deb | Linux |
| next generation service orchestration system (USN-3300-1) juju-local-kvm_1.25.6-0ubuntu1.14.04.2_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234