CVE-2025-53513
Zip slip vulnerability in Juju
In short
A flaw in Juju's charm upload system allows any logged-in user to upload malicious files that can escape their intended directory and gain unauthorized access to machines. This happens because the system doesn't properly check file paths when extracting charm archives.
Technical detail
The /charms endpoint lacks sufficient authorization validation, permitting any authenticated user to upload charms. A Zip Slip vulnerability (CWE-24) in archive extraction allows path traversal, enabling attackers to write files outside the intended directory and achieve code execution on machines running vulnerable units. Exploitation requires only valid controller credentials.
Summary generated and translated by AI from the official description.
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Canonical · Juju