{"id":"CVE-2024-8037","details":"Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.","aliases":["GHSA-8v4w-f4r9-7h6x","GO-2024-3174"],"modified":"2026-05-18T05:57:22.073231043Z","published":"2024-10-02T10:12:32.318Z","related":["SUSE-SU-2024:3911-1","openSUSE-SU-2024:0350-1","openSUSE-SU-2024:14447-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8037.json","cna_assigner":"canonical"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8037.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8037"},{"type":"REPORT","url":"https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-8037"},{"type":"PACKAGE","url":"https://github.com/juju/juju"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/juju/juju","events":[{"introduced":"ac860f7db4296273ea2cf213115ec2c229d57a07"},{"fixed":"bc4db7b86800c81014d5c9ec1dabedbc99137596"}]}],"versions":["v2.9.49","v2.9.48","v2.9.47","v2.9.46","v2.9.45","juju-2.9.44","juju-2.9.43","juju-2.9.42","juju-2.9.40","juju-2.9.41","juju-2.9.39","juju-2.9.38","juju-2.9.37","juju-2.9.36","juju-2.9.35","juju-2.9.34","juju-2.9.33","juju-2.9.32","juju-2.9.31","juju-2.9.30","juju-2.9.29","juju-2.9.28","juju-2.9.27","juju-2.9.26","juju-2.9.25","juju-2.9.24","juju-2.9.23","juju-2.9.22","juju-2.9.21","juju-","juju-2.9.20","juju-2.9.19","juju-2.9.18","juju-2.9.17","juju-2.9.16","juju-2.9.15","juju-2.9.14","juju-2.9.13","juju-2.9.12","juju-2.9.11","juju-2.9.10","juju-2.9.9","juju-2.9.8","juju-2.9.7","juju-2.9.6","juju-2.9.5","juju-2.9.4","juju-2.9.3","juju-2.9.2","juju-2.9.1","juju-2.9.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8037.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H"}]}