Security: juju/juju
Security
SECURITY.md
Security updates will be released for versions that receive security updates.
Please provide a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
The preferred way to report a security issue is through GitHub's security advisory for this project. See Privately reporting a security vulnerability for instructions on reporting using GitHub's security advisory feature.
The Ubuntu Security disclosure and embargo policy contains more information about how you can contact us, what you can expect when you contact us, and what we expect from you.
- Zip slip via authenticated endpoint. GHSA-24ch-w38v-xmh8 published Jul 8, 2025 by wallyworld (High)
- Sensitive log retrieval via authenticated endpoint without authorization. GHSA-r64v-82fh-xc63 published Jul 8, 2025 by wallyworld (Moderate)
- Arbitrary executable upload via authenticated endpoint without authorization. GHSA-4vc8-wvhw-m5gv published Jul 8, 2025 by wallyworld (High)
- Vulnerable juju introspection abstract UNIX domain socket. GHSA-xwgj-vpm9-q2rq published Oct 2, 2024 by hpidcock (High)
- Vulnerable juju hook tool abstract UNIX domain socket. GHSA-8v4w-f4r9-7h6x published Oct 2, 2024 by hpidcock (Moderate)
- JUJU_CONTEXT_ID is a predictable authentication secret. GHSA-mh98-763h-m9v4 published Oct 2, 2024 by hpidcock (High)
- Unprivileged user running on charm node can leak any secret or relation data accessible to the local charm. GHSA-6vjm-54vp-mxhx published Aug 5, 2024 by anvial (High)
- Juju controller - Arbitrary file reading vulnerability. GHSA-x5rv-w9pm-8qp8 published Feb 15, 2023 by wallyworld (Moderate)
Learn more about advisories related to juju/juju in the GitHub Advisory Database