2 matches found
GHSA-4685-2X5R-65PJ Pebble service manager's file pull API allows access by any user
Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and th...
GHSA-65PC-76PQ-PVF5 Duplicate Advisory: Pebble service manager's file pull API allows access by any user
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4685-2x5r-65pj. This link is maintained to preserve external references. Original Description It was discovered that Pebble's read-file API and the associated pebble pull command, before v1.10.2, allowed...