Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2023-0092

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

Published: Jan 31, 2025
Updated: Nov 16, 2025
CVE: CVE-2023-0092
GHSA: GHSA-x5rv-w9pm-8qp8
Severity: Low
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-73
CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
github.com/juju/juju	2.9.22	2.9.38
github.com/juju/juju	3.0.0	3.0.3
canonical / juju	2.9.22	2.9.38
canonical / juju	3.0.0	3.0.3

https://bugs.launchpad.net/juju/+bug/1999622
https://github.com/advisories/GHSA-x5rv-w9pm-8qp8
https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556
https://github.com/juju/juju/security/advisories/GHSA-x5rv-w9pm-8qp8

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo