It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 26 Aug 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical pebble
CPEs cpe:2.3:a:canonical:pebble:*:*:*:*:*:go:*:*
Vendors & Products Canonical
Canonical pebble

Wed, 06 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-732
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2024-11-06T15:43:34.482Z

Reserved: 2024-04-03T00:52:42.379Z

Link: CVE-2024-3250

cve-icon Vulnrichment

Updated: 2024-08-01T20:05:08.370Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-04T15:15:39.837

Modified: 2025-08-26T17:17:50.287

Link: CVE-2024-3250

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.