CRITICAL🇵🇱 Wersja polska

CVE-2026-4370

CVSS 10.0v3.1pub. 2026-04-01upd. 2026-04-02

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client certificates when a new node attempts to join the cluster. An unauthenticated attacker with network reachability to the Juju controller's Dqlite port can exploit this flaw to join the database cluster. Once joined, the attacker gains full read and write access to the underlying database, allowing for total data compromise.

🤖 AI Analysis
How it works

The Juju controller uses an internal Dqlite database cluster, which should require mutual TLS authentication (mTLS) when joining new nodes. The vulnerability exists because the database endpoint does not verify client certificates when a new node attempts to join the cluster. An attacker who is network-reachable on the Dqlite controller port can establish a connection without any credentials and register as a new cluster node. After successfully joining, the attacker gains full read and write permissions to the entire database.

Impact

An attacker can gain full read and write access to the Juju internal database, resulting in complete compromise of confidentiality and integrity of stored data, and potentially also takeover of control of the managed infrastructure.

Mitigation & patch

Juju should be updated to version 3.6.19 or newer (for the 3.x branch) or to version 4.0.4 or newer (for the 4.x branch). Additionally, it is recommended to restrict network access to the Dqlite controller port to trusted hosts only using a firewall or network rules.

Who is affected

Canonical Juju in versions from 3.2.0 to 3.6.18 (before 3.6.19) and in versions from 4.0 to 4.0.3 (before 4.0.4)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Canonical Juju

    APP
    Canonical
    3.2.0 – 3.6.20 (bez)4.0 – 4.0.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-5412CRITICAL9.9PL ✓ten sam produkt

Canonical Juju — nieuprawniony dostęp do poświadczeń chmury przez Controller facade

CVE-2017-9232CRITICAL9.8ten sam produkt

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appr...

CVE-2025-68153HIGH7.1ten sam produkt

Juju is an open source application orchestration engine that enables any application operation on any infrastr...

CVE-2026-32692HIGH7.6ten sam produkt

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 thro...

CVE-2026-32693HIGH8.8ten sam produkt

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correct...