CVE-2025-53512
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-08-26
Assigner: Canonical Ltd.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canonical | juju | Up to 2.9.52 (exc) |
| canonical | juju | From 3.0.0 (inc) to 3.6.8 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the /log endpoint of a Juju controller, where insufficient authorization checks allow unauthorized users to access debug messages. These debug messages may contain sensitive information that should not be exposed to unauthorized parties.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive information through debug messages accessible via the /log endpoint. This exposure could potentially aid attackers in understanding system internals or gaining further access, thereby compromising confidentiality.