CVE-2024-7558

Description

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

CVSS v3.1 Score

8.7

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

Weakness Type (CWE)

CWE-337 CWE-337

CWE-340 CWE-340

CWE-1391 CWE-1391

CWE-330 CWE-330

CWE-335 CWE-335

Affected Products

Vendor	Product	Versions
canonical	juju	< 2.9.51
canonical	juju	3.1.0 — 3.1.10
canonical	juju	3.2.0 — 3.2.4
canonical	juju	3.3.0 — 3.3.7
canonical	juju	3.4 — 3.4.6
canonical	juju	3.5.0 — 3.5.4

References

Advisories & Patches

https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4

Exploits

https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4

Other References

https://www.cve.org/CVERecord?id=CVE-2024-7558

Frequently Asked Questions

What is CVE-2024-7558? +

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. It has a CVSS v3.1 base score of 8.7 (HIGH).

How severe is CVE-2024-7558? +

CVE-2024-7558 has a CVSS v3.1 score of 8.7 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-7558? +

CVE-2024-7558 affects products from canonical, specifically: juju. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-7558? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-7770

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated …

CVE-2025-55069 8.3

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. …

CVE-2025-62710 5.9

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using …

CVE-2025-20613 3.3

Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to …

CVE-2024-22194 2.2

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An …

CVE-2024-36388 10.0

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function