CVE-2026-32691

Published: Mar 18, 2026 Last Modified: Mar 18, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit agent can claim ownership of a known secret. This leads to the attacking unit being able to read the content of the initial secret revision.

708

Incorrect Ownership Assignment

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Application Data Modify Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/juju/juju/security/advisories/GHSA-gfgr-…

https://github.com/juju/juju/security/advisories/GHSA-gfgr-6hrj-85ww

CVE-2026-32691

Description

Incorrect Ownership Assignment

Common Consequences

Applicable Platforms

Iscriviti alla newsletter