x/vulndb: potential Go vuln in github.com/juju/juju: CVE-2024-7558

[GoVulnBot]

Advisory CVE-2024-7558 references a vulnerability in the following Go modules:

Module
github.com/juju/juju

Description:
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

References:

• ADVISORY: https://www.cve.org/CVERecord?id=CVE-2024-7558
• WEB: GHSA-mh98-763h-m9v4

Cross references:

• github.com/juju/juju appears in 3 other report(s):
  • data/excluded/GO-2023-1598.yaml (x/vulndb: potential Go vuln in github.com/juju/juju: GHSA-x5rv-w9pm-8qp8 #1598) NOT_IMPORTABLE
  • data/reports/GO-2024-3010.yaml (x/vulndb: potential Go vuln in github.com/juju/juju: CVE-2024-6984 #3010)
  • data/reports/GO-2024-3040.yaml (x/vulndb: potential Go vuln in github.com/juju/juju: GHSA-6vjm-54vp-mxhx #3040)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/juju/juju
      vulnerable_at: 0.0.0-20241001233705-e746c7c7fbf6
summary: CVE-2024-7558 in github.com/juju/juju
cves:
    - CVE-2024-7558
references:
    - advisory: https://www.cve.org/CVERecord?id=CVE-2024-7558
    - web: https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4
source:
    id: CVE-2024-7558
    created: 2024-10-02T12:01:19.27137178Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/619135 mentions this issue: data/reports: add 15 reports