Juju Vault Secrets Back-End Authorization Bypass Vulnerability Allowing Unauthorized Secret Revision Updates

Vulnerability

An authorization bypass vulnerability has been identified in the Vault secrets back-end of Juju. This issue affects Juju versions 3.1.6 through 3.6.18. The vulnerability allows an authenticated unit agent to update secret revisions it is not authorized to modify. With enough information, an attacker holding unit-agent credentials could manipulate and 'poison' existing secret revisions within the affected Vault back-end.

Impact

Exploitation of this vulnerability allows an authenticated unit agent to update, without authorization, any secret revision in the Vault back-end used by the unit's model. This could lead to 'poisoning' of existing secret revisions, with an impact that depends on how those secrets are consumed by the workloads relying on them.

Remediation

Users can upgrade to Juju version 3.6.19 to address this vulnerability.

Added: Mar 18, 2026, 1:23 PM
Updated: Mar 18, 2026, 1:23 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined to calculate the overall risk score.