GHSA-65pc-76pq-pvf5 – github.com/canonical/pebble

Package

Manager: go
Name: github.com/canonical/pebble
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Pebble service manager's file pull API allows access by any user ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4685-2x5r-65pj. This link is maintained to preserve external references. ## Original Description It was discovered that Pebble's read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4.

Metadata

Created: 2024-04-04T15:30:34Z
Modified: 2024-04-05T15:06:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-65pc-76pq-pvf5/GHSA-65pc-76pq-pvf5.json
CWE IDs: []
Alternative ID: N/A
Finding: N/A
Auto approve: 0