CNNVD-202507-1150 Information

CNNVD ID

CNNVD-202507-1150

Related CVE

CVE-2025-53513

• CNNVD Published: 2025-07-08

Description (Chinese)

Juju是Canonical Juju开源的一个开源应用程序编排引擎。 Juju存在安全漏洞，该漏洞源于/charms端点授权检查不足，可能导致任意用户上传特制charm，利用Zip Slip漏洞获取机器访问权限。

Description (English)

Juju is an open source application layout engine at Canonical Juju Open Source. There is a security loophole in Juju, which stems from inadequate/charms endpoint authorization checks, which may lead to the uploading of custom-made charm by random users and the use of Zip Slip to access machine access.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Canonical Juju

Published

2025-07-08

Last Modified

2026-02-24

References

https://github.com/juju/juju/security/advisories/GHSA-24ch-w38v-xmh8 https://nvd.nist.gov/vuln/detail/CVE-2025-53513 https://access.redhat.com/security/cve/cve-2025-53513

Patch

https://github.com/juju/juju/releases