This flaw allows unauthenticated attackers to join the Juju controller's Dqlite database cluster due to missing TLS client and server certificate validation. Attackers with network reachability to the Dqlite port can exploit this issue to gain full access. Successful exploitation results in complete read and write compromise of all Juju controller data.
Remediation
Upgrade Juju to version 3.6.20 or later for 3.x branches, and 4.0.5 or later for 4.x branches. Restrict network access to the Dqlite port to only trusted cluster nodes until patching is complete. Verify the integrity of your database after patching to rule out tampering.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.