Missing Authorization

CVE-2017-9232

High

9.8/10

Summary

The package Juju uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. This issue affects versions through 1.25.11, 1.26-alpha1 through 1.26-alpha3, 2.0-alpha1 through 2.0.3, and 2.1-beta1 through 2.1.2, 2.2-alpha1, 2.2-beta1 through 2.2-beta4.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-862 - Missing Authorization

The missing authorization vulnerability occurs when a software program allows users to access privileged parts of the program without verifying the user credentials. Impact of such a vulnerability depends on the resources employed by the software, ranging from account takeover to sensitive information exposure, denial of service, and complete system takeover.

References

Advisory
Issue
POC/Exploit
Pull request

Advisory Timeline

Published May 28, 2017

Missing Authorization

CVE-2017-9232

Summary

CWE-862 - Missing Authorization

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS