CVE-2023-0092

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0092

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0092.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0092

Aliases

GHSA-x5rv-w9pm-8qp8

Published

2025-01-31T02:15:28.550Z

Modified

2026-04-10T04:53:48.857558Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

References

Affected packages

Git / github.com/juju/juju

Affected ranges

Type

GIT

Repo

https://github.com/juju/juju

Events

Introduced

07164c4b2c6a9f5b576b1c151bd85dd3a699be16

Fixed

6d211be0d72d6f4d625c61c7c4ddb4e9325226c8

Introduced

35c560704ee254219ae0c4a37810bde5278e99bb

Fixed

e53f8d9fd2d78a0cf3a36a0e4f0d79ec8f35243c

Fixed

ef803e2a13692d355b784b7da8b4b1f01dab1556

Database specific

{
    "versions": [
        {
            "introduced": "2.9.22"
        },
        {
            "fixed": "2.9.38"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.3"
        }
    ]
}

Affected versions

juju-2.*

juju-2.9.22

juju-2.9.23

juju-2.9.24

juju-2.9.25

juju-2.9.26

juju-2.9.27

juju-2.9.28

juju-2.9.29

juju-2.9.30

juju-2.9.31

juju-2.9.32

juju-2.9.33

juju-2.9.34

juju-2.9.35

juju-2.9.36

juju-2.9.37

juju-3.*

juju-3.0.0

juju-3.0.1

juju-3.0.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0092.json"