CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the same secret owner to different grantees, allowing them to use the resources granted by those past secrets. Successful exploitation relies on a very specific configuration, specific data semantic, and the administrator having the need to deploy at least two different applications, one of them controlled by the attacker.

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/juju/juju/security/advisories/GHSA-5cj2-rqqf-hx9p	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-18 14:16

Updated : 2026-03-19 15:05

NVD link : CVE-2026-32694

Mitre link : CVE-2026-32694

CVE.ORG link : CVE-2026-32694

JSON object : View

Products Affected

canonical

juju

CWE

CWE-343

Predictable Value Range from Previous Values

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2026-32694", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2026-03-18T14:16:40.503", "references": [{"url": "https://github.com/juju/juju/security/advisories/GHSA-5cj2-rqqf-hx9p", "tags": ["Exploit", "Vendor Advisory"], "source": "security@ubuntu.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@ubuntu.com", "description": [{"lang": "en", "value": "CWE-343"}, {"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the same secret owner to different grantees, allowing them to use the resources granted by those past secrets. Successful exploitation relies on a very specific configuration, specific data semantic, and the administrator having the need to deploy at least two different applications, one of them controlled by the attacker."}, {"lang": "es", "value": "En Juju desde la versi\u00f3n 3.0.0 hasta la 3.6.18, cuando un propietario de secreto otorga permisos a un secreto a un beneficiario, el propietario del secreto se basa exclusivamente en un XID predecible del secreto para verificar la propiedad. Esto permite a un beneficiario malicioso que puede solicitar secretos predecir secretos pasados otorgados por el mismo propietario de secreto a diferentes beneficiarios, permiti\u00e9ndoles usar los recursos otorgados por esos secretos pasados. La explotaci\u00f3n exitosa se basa en una configuraci\u00f3n muy espec\u00edfica, una sem\u00e1ntica de datos espec\u00edfica y en que el administrador tenga la necesidad de desplegar al menos dos aplicaciones diferentes, una de ellas controlada por el atacante."}], "lastModified": "2026-03-19T15:05:34.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BAFE599-DF11-429B-9A8C-970BDB3065C8", "versionEndExcluding": "3.6.19", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}