Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: pebble

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2024-3250

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 months ago

It was discovered that Canonical's Pebble service manager read-file API …

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4.

References

https://www.cve.org/CVERecord?id=CVE-2024-3250 issue-tracking
https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-3250 issue-tracking
https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-3250 issue-tracking
https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-3250 issue-tracking x_transferred
https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj issue-tracking x_transferred
https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-3250 issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-3250 issue-tracking x_transferred
https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj issue-tracking x_transferred

Affected products

pebble

<v1.10.2

Matching in nixpkgs

pkgs.pebble

Small RFC 8555 ACME test server

nixos-unstable -
- nixpkgs-unstable 2.6.0

pkgs.python312Packages.pebble

API to manage threads and processes within an application

nixos-unstable -
- nixpkgs-unstable 5.1.3

pkgs.python313Packages.pebble

API to manage threads and processes within an application

nixos-unstable -
- nixpkgs-unstable 5.1.3

Package maintainers

@emilazy Emily <nixpkgs@emily.moe>
@arianvp Arian van Putten <arian.vanputten@gmail.com>
@m1cr0man Lucas Savva <lucas+nix@m1cr0man.com>
@aanderse Aaron Andersen <aaron@fosslib.net>
@flokli Florian Klink <flokli@flokli.de>
@orivej Orivej Desh <orivej@gmx.fr>

1