We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.
Reserved 2025-06-18 | Published 2025-07-01 | Updated 2025-07-01 | Assigner canonicalCWE-312 Cleartext Storage of Sensitive Information
Josh McSavaney
github.com/.../utils/security/advisories/GHSA-h34r-jxqm-qgpr
Support options