Lucene search

CanonicalCVELIST:CVE-2024-3250

HistoryApr 04, 2024 - 2:29 p.m.

CVE-2024-3250

2024-04-0414:29:31

canonical

www.cve.org

canonical

pebble service

local users

root permissions

security vulnerability

backports

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

It was discovered that Canonical’s Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4.

CNA Affected

[
  {
    "packageName": "pebble",
    "product": "Pebble",
    "vendor": "Canonical Ltd.",
    "repo": "https://github.com/canonical/pebble",
    "platforms": [
      "Linux"
    ],
    "versions": [
      {
        "lessThan": "v1.10.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj

www.cve.org/CVERecord?id=CVE-2024-3250

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-3250