CVE-2024-8037: 
Linux openSUSE vulnerability analysis and mitigation

CVE-2024-8037 is a security vulnerability in the Juju hook tool that affects the UNIX domain socket implementation. The vulnerability was discovered and disclosed on October 2, 2024, affecting multiple versions of Juju including 3.5.3 and earlier, 3.4.5 and earlier, 3.3.6 and earlier, 3.2.4 and earlier, 3.1.9 and earlier, and 2.9.50 and earlier (GitHub Advisory).

The vulnerability exists in the abstract UNIX domain socket implementation of the Juju hook tool. It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H. The vulnerability is associated with CWE-276 (Incorrect Default Permissions) and requires local access with low privileges to exploit (GitHub Advisory).

When successfully exploited, the vulnerability allows any user on the local system with access to the default network namespace to connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket. This connection enables the attacker to perform actions that are normally restricted to a juju charm, potentially compromising the system's security controls (GitHub Advisory).

The vulnerability has been patched in Juju versions 3.5.4, 3.4.6, 3.3.7, 3.1.10, and 2.9.51. The fix was implemented through patch 2f2ec12. No workarounds are available for this vulnerability, making it critical for affected users to upgrade to the patched versions (GitHub Advisory).