VulnerableCode Package Details - pkg:deb/ubuntu/juju-core@1.17.1-0ubuntu2

Search for packages

Package details: pkg:deb/ubuntu/juju-core@1.17.1-0ubuntu2

Essentials
History (0)

purl	pkg:deb/ubuntu/juju-core@1.17.1-0ubuntu2

Next non-vulnerable version	2.3.7-0ubuntu0.16.04.1
Latest non-vulnerable version	2.3.7-0ubuntu0.16.04.1
Risk	10.0

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-7pd5-hyg7-aaab Aliases: CVE-2017-9232 GHSA-j3hp-pv6v-rgrx	Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.	1.25.6-0ubuntu1.14.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.0.2-0ubuntu0.16.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gt63-t28m-aaak Aliases: CVE-2020-26160 GHSA-w73w-5m7g-f7qc	jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.	2.3.7-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.
VCID-tag6-x1jf-aaar Aliases: CVE-2015-1316	Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.	1.24.7-0ubuntu1~14.04.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-7pd5-hyg7-aaab
Aliases:
CVE-2017-9232
GHSA-j3hp-pv6v-rgrx

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

1.25.6-0ubuntu1.14.04.2
Affected by 1 other vulnerability.

2.0.2-0ubuntu0.16.04.2
Affected by 1 other vulnerability.

VCID-gt63-t28m-aaak
Aliases:
CVE-2020-26160
GHSA-w73w-5m7g-f7qc

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.

2.3.7-0ubuntu0.16.04.1
Affected by 0 other vulnerabilities.

VCID-tag6-x1jf-aaar
Aliases:
CVE-2015-1316

Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.

1.24.7-0ubuntu1~14.04.1
Affected by 2 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version