HIGH | CVE-2026-32693 | CNA: canonical

CVE-2026-32693: Unauthorized access to Kubernetes secrets in Juju

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee.

Metrics

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: 3.6.19
Affected Products: 1

Affected packages
  • Canonical / Juju: < 3.6.19 (from 3.0.0)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H