x/vulndb: potential Go vuln in github.com/juju/juju: CVE-2024-8038

[GoVulnBot]

Advisory CVE-2024-8038 references a vulnerability in the following Go modules:

Module
github.com/juju/juju

Description: Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

References:

• ADVISORY: https://www.cve.org/CVERecord?id=CVE-2024-8038
• WEB: https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq

Cross references:

• github.com/juju/juju appears in 3 other report(s):
  • data/excluded/GO-2023-1598.yaml (https://github.com/golang/vulndb/issues/1598) NOT_IMPORTABLE
  • data/reports/GO-2024-3010.yaml (https://github.com/golang/vulndb/issues/3010)
  • data/reports/GO-2024-3040.yaml (https://github.com/golang/vulndb/issues/3040)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/juju/juju
      vulnerable_at: 0.0.0-20241001233705-e746c7c7fbf6
summary: CVE-2024-8038 in github.com/juju/juju
cves:
    - CVE-2024-8038
references:
    - advisory: https://www.cve.org/CVERecord?id=CVE-2024-8038
    - web: https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq
source:
    id: CVE-2024-8038
    created: 2024-10-02T12:01:20.859092319Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/619135 mentions this issue: data/reports: add 15 reports