Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 3 of 3 results


CVE-2020-26160

Medium priority
Needs evaluation

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud....

4 affected packages

golang-github-coreos-discovery-etcd-io, golang-github-dgrijalva-jwt-go, juju-core, telegraf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-coreos-discovery-etcd-io Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
golang-github-dgrijalva-jwt-go Not in release Not affected Needs evaluation Needs evaluation Needs evaluation
juju-core Not in release Not in release Not in release Not in release Not affected
telegraf Not in release Needs evaluation Not in release Not in release Not in release
Show less packages

CVE-2015-1316

Medium priority
Ignored

Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.

1 affected packages

juju-core

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
juju-core
Show less packages

CVE-2017-9232

High priority
Fixed

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

2 affected packages

juju-core, juju-core-1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
juju-core Fixed
juju-core-1 Fixed
Show less packages