CVE-2024-41129

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-41129
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41129.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-41129
Aliases
Published
2024-07-22T15:15:03Z
Modified
2024-07-24T16:23:08.532609Z
Summary
[none]
Details

The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue is that ops passes secret content as one of the arguments on the command line. It may affect any charm that uses Juju (>=3.0) and Juju secrets and does not correctly capture and process subprocess.CalledProcessError. This vulnerability is fixed in 2.15.0.

References

Affected packages

Git / github.com/canonical/operator

Affected ranges

Type
GIT
Repo
https://github.com/canonical/operator
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.6.0
0.6.1
0.7.0
0.8.0
0.9.0

1.*

1.0.0
1.0.1
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.5.3
1.5.4
1.5beta1

2.*

2.0.0
2.0.0rc2
2.1.0
2.1.1
2.10.0
2.11.0
2.12.0
2.13.0
2.14.0
2.14.1
2.2.0
2.3.0
2.4.0
2.4.1
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0