Search CVE reports
1 – 3 of 3 results
CVE-2020-26160
Medium priority
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud....
4 affected packages
golang-github-coreos-discovery-etcd-io, golang-github-dgrijalva-jwt-go, juju-core, telegraf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
golang-github-dgrijalva-jwt-go | Not in release | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
juju-core | Not in release | Not in release | Not in release | Not in release | Not affected |
telegraf | Not in release | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2015-1316
Medium priority
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
1 affected package
juju-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
juju-core | — | — | — | — | — |
CVE-2017-9232
High priority
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
2 affected packages
juju-core, juju-core-1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
juju-core | — | — | — | — | Fixed |
juju-core-1 | — | — | — | — | Fixed |