Home > Vulnerability Database > CVE-2024-8038

Mend.io Vulnerability Database

CVE-2024-8038

Date: October 2, 2024

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

Language: Go

Severity Score

7.9

Related Resources (8)

Url: https://github.com/juju/juju

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8038

Url: https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq

Url: https://github.com/juju/juju/commit/43f0fc59790d220a457d4d305f484f62be556d3b

Url: https://www.cve.org/CVERecord?id=CVE-2024-8038

Url: https://github.com/juju/juju/blob/725800953aaa29dbeda4f806097bf838e61644dd/worker/introspection/worker.go#L125

Url: https://pkg.go.dev/vuln/GO-2024-3175

Url: https://www.mend.io/vulnerability-database/CVE-2024-8038

Severity Score

7.9

Weakness Type (CWE)

Unprotected Alternate Channel

CWE-420

CVSS v3.1

Base Score:	7.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8038

Date: October 2, 2024

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?