Lucene search
K

4 matches found

OSV
OSV
added 2024/04/05 3:3 p.m.62 views

GHSA-4685-2X5R-65PJ Pebble service manager's file pull API allows access by any user

Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and th...

6.5CVSS6.4AI score0.00201EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/04/05 3:3 p.m.30 views

Pebble service manager's file pull API allows access by any user

Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and th...

6.5CVSS6.5AI score0.00201EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2024/04/04 3:15 p.m.23 views

CVE-2024-3250

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References2
OSV
OSV
added 2024/04/04 2:29 p.m.6 views

CVE-2024-3250

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...

6.5CVSS6.4AI score0.00201EPSS
Exploits0References5
Rows per page
Query Builder