GHSA-89X7-5M5M-MCMM

Vulnerability from github – Published: 2026-03-19 17:32 – Updated: 2026-03-19 17:32
VLAI?
Summary
Juju has unauthorized update of out-of-scope Vault secrets
Details

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

Impact

An authenticated unit agent can update any secret revision of a Vault back-end that the unit's model uses. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

Patches

3.6.19

Severity ?
7.6 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/juju/juju"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-20230919230135-f6a66aa91eec"
            },
            {
              "fixed": "0.0.0-20260319091847-d06919eb03ec"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-19T17:32:24Z",
    "nvd_published_at": "2026-03-18T13:16:18Z",
    "severity": "HIGH"
  },
  "details": "An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.\n\n\n### Impact\nAn authenticated unit agent can update any secret revision of a Vault back-end\nthat the unit\u0027s model uses. With sufficient information, an attacker can poison\nany existing secret revision within the scope of that Vault secret back-end.\n\n### Patches\n3.6.19",
  "id": "GHSA-89x7-5m5m-mcmm",
  "modified": "2026-03-19T17:32:24Z",
  "published": "2026-03-19T17:32:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32692"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juju/juju/commit/d06919eb03ec68156818bcc304b5fe1c39a8f9e9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/juju/juju"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Juju has unauthorized update of out-of-scope Vault secrets"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.