Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade github.com/juju/juju/worker/uniter/runner/context
to version 2.9.51, 3.1.10, 3.3.7, 3.4.6, 3.5.4 or higher.
Affected versions of this package are vulnerable to Improper Authentication via the JUJU_CONTEXT_ID
authentication secret. An attacker can gain unauthorized access to information and tools by guessing the predictable JUJU_CONTEXT_ID
value when connecting to an abstract domain socket within the same network namespace.
Note: There is no rate limiting on the abstract domain socket, the only limiting factor is time and memory.