Juju Log Stream Access by Compromised Workload Machines

Vulnerability

Juju versions 2.9 prior to 2.9.56 and 3.6 prior to 3.6.19 allow a compromised workload machine under a Juju controller to read the log stream of any entity, across all models and at every log level. The cause is a missing authorization check on the log stream endpoint of the controller's API server: the credentials of an ordinary machine agent are enough to open it, so an attacker who has taken over one workload machine can read logs that machine was never entitled to see. The issue is fixed in Juju 2.9.56 and 3.6.19.

Impact

An attacker who has compromised a single workload machine can read logs from the Juju controller and from every model it hosts, not just the model the machine belongs to. Those logs can contain sensitive information about other models and their workloads and can be used to plan further attacks, so the blast radius of one machine compromise extends to the whole controller.

Reproduction

To reproduce this vulnerability, first compromise a workload machine under a Juju controller (any machine running a Juju machine agent). Juju machine agents keep their API credentials in their agent configuration on the machine, so root on the machine is sufficient. Using that machine agent's credentials, authenticate to the controller's API server and open the debug log endpoint. On an unpatched controller the endpoint does not check whether the caller is entitled to the requested logs and streams logs from the controller and from all models.

Remediation

Upgrade to Juju 2.9.56 or 3.6.19 (or a later release of the same series). The vulnerable endpoint is served by the controller's API server, so upgrading the controller (juju upgrade-controller) is what closes the hole; juju controllers lists the version of each controller so you can confirm the upgrade took effect. The advisory describes no workaround other than upgrading.
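The following script, added here as an example and not part of Juju or of this advisory, checks controller agent versions against the fixed versions named above (2.9.56 and 3.6.19). It reports "not-covered" for any series the advisory does not name rather than calling it safe. The JSON layout it reads (a "controllers" map with an "agent-version" field, as printed by juju controllers --format=json) is an assumption about that command's output, and the sample data is constructed, not captured from a real system.

```python
"""Check Juju controller versions against the fixes named in this advisory.

Added example, not Juju's own code.  The shape of the JSON produced by
`juju controllers --format=json` (a "controllers" map whose entries carry an
"agent-version" string) is an ASSUMPTION about that command's output.
"""
import json
import re
import subprocess

# Fixed versions from the advisory, keyed by affected minor series.
# The trailing 1 is a "final release" flag (0 = pre-release, 1 = final).
FIXED = {
    (2, 9): (2, 9, 56, 1),
    (3, 6): (3, 6, 19, 1),
}

# MAJOR.MINOR.PATCH with an optional pre-release tag (-alpha1, -beta2, -rc1).
# Other suffixes such as "-ubuntu-amd64" are ignored.
_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc)\d+)?")


def parse_version(s: str) -> tuple:
    """Return (major, minor, patch, final) for a Juju version string.

    final is 0 for a pre-release tag and 1 otherwise, so that a pre-release of
    the fixed patch level still sorts below the fixed version.
    """
    m = _VER_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Juju version: {s!r}")
    major, minor, patch, tag = m.groups()
    return (int(major), int(minor), int(patch), 0 if tag else 1)


def assess(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'not-covered' for one version string.

    'not-covered' means the series is not one the advisory names, so this
    check makes no claim about it either way.
    """
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "not-covered"
    return "vulnerable" if v < fixed else "fixed"


def assess_controllers(controllers_json: str) -> dict:
    """Map controller name -> verdict from `juju controllers --format=json`.

    The "controllers" map and the "agent-version" field are assumed names.
    """
    doc = json.loads(controllers_json)
    return {name: assess(info["agent-version"])
            for name, info in doc.get("controllers", {}).items()}


# Constructed sample output (not captured from a real system).
SAMPLE = json.dumps({
    "controllers": {
        "prod-old": {"agent-version": "3.6.18"},
        "prod-new": {"agent-version": "3.6.19"},
        "legacy":   {"agent-version": "2.9.55-ubuntu-amd64"},
        "other":    {"agent-version": "3.5.4"},
    },
    "current-controller": "prod-new",
})


def main() -> None:
    """Use the live juju client if present, otherwise the constructed sample."""
    try:
        out = subprocess.run(["juju", "controllers", "--format=json"],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        print("juju not available; using constructed sample data")
        out = SAMPLE
    for name, verdict in sorted(assess_controllers(out).items()):
        print(f"{name}: {verdict}")


if __name__ == "__main__":
    main()
```

Run it on a host with the juju client configured to see each registered controller's verdict; a "vulnerable" result means the controller itself needs upgrading, since the log stream endpoint lives on the controller's API server.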

Added: Apr 3, 2026, 5:20 PM
Updated: Apr 3, 2026, 5:20 PM

Vulnerability Rating

Custom Algorithm

  category        score
  spread          3.1
  impact          2.5
  exploitability  4.6
  remediation     7.7
  relevance       5.2
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.