CVE-2026-32693

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-32693

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32693.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-32693

Aliases

Downstream

SUSE-SU-2026:1135-1

Related

SUSE-SU-2026:1135-1

Published

2026-03-18T13:16:18.860Z

Modified

2026-04-10T05:42:24.949420Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee.

References

https://github.com/juju/juju/security/advisories/GHSA-439w-v2p7-pggc

Affected packages

Git / github.com/juju/juju

Affected ranges

Type

GIT

Repo

https://github.com/juju/juju

Events

Introduced

35c560704ee254219ae0c4a37810bde5278e99bb

Fixed

5a261e58fcd3bd366b36229bfd1c46e6b3b61402

Database specific

{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.6.19"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32693.json"