Comment 11 for bug 1999622

Juju 2.9.38 is in QA now. Still waiting on Juju 3.0.3 before making this public.

Seth, I'll have some specific tests this week.

Does this attack vector require an authenticated user?
Yes.

What model, controller, or cloud access settings are required to allow this attack to succeed?
User with read access on the controller.

What model, controller, or cloud access settings mean the user has code execution privileges?
Depends on the information read, effectively could read a private ssh key or /etc/shadow and possibly gain access that way.