{"id":"CVE-2023-0092","details":"An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.","aliases":["GHSA-x5rv-w9pm-8qp8"],"modified":"2026-04-10T04:53:48.857558Z","published":"2025-01-31T02:15:28.550Z","references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-x5rv-w9pm-8qp8"},{"type":"FIX","url":"https://github.com/juju/juju/commit/ef803e2a13692d355b784b7da8b4b1f01dab1556"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/juju/juju","events":[{"introduced":"07164c4b2c6a9f5b576b1c151bd85dd3a699be16"},{"fixed":"6d211be0d72d6f4d625c61c7c4ddb4e9325226c8"},{"introduced":"35c560704ee254219ae0c4a37810bde5278e99bb"},{"fixed":"e53f8d9fd2d78a0cf3a36a0e4f0d79ec8f35243c"},{"fixed":"ef803e2a13692d355b784b7da8b4b1f01dab1556"}],"database_specific":{"versions":[{"introduced":"2.9.22"},{"fixed":"2.9.38"},{"introduced":"3.0.0"},{"fixed":"3.0.3"}]}}],"versions":["juju-2.9.22","juju-2.9.23","juju-2.9.24","juju-2.9.25","juju-2.9.26","juju-2.9.27","juju-2.9.28","juju-2.9.29","juju-2.9.30","juju-2.9.31","juju-2.9.32","juju-2.9.33","juju-2.9.34","juju-2.9.35","juju-2.9.36","juju-2.9.37","juju-3.0.0","juju-3.0.1","juju-3.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0092.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}]}