CVE-2024-3250 - Vulnerability Details - OpenCVE

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00053.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Canonical	Pebble

Configuration 1 [-]

OR	cpe:2.3:a:canonical:pebble::::::go::*
	cpe:2.3:a:canonical:pebble::::::go::*
	cpe:2.3:a:canonical:pebble::::::go::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj
https://www.cve.org/CVERecord?id=CVE-2024-3250

History

Tue, 26 Aug 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Canonical Canonical pebble
CPEs		cpe:2.3:a:canonical:pebble::::::go::*
Vendors & Products		Canonical Canonical pebble

Wed, 06 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-732
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2024-04-04T14:29:31.250Z

Updated: 2024-11-06T15:43:34.482Z

Reserved: 2024-04-03T00:52:42.379Z

Link: CVE-2024-3250

Vulnrichment

Updated: 2024-08-01T20:05:08.370Z

NVD

Status : Analyzed

Published: 2024-04-04T15:15:39.837

Modified: 2025-08-26T17:17:50.287

Link: CVE-2024-3250

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3250", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2024-04-03T00:52:42.379Z", "datePublished": "2024-04-04T14:29:31.250Z", "dateUpdated": "2024-11-06T15:43:34.482Z"}, "containers": {"cna": {"affected": [{"packageName": "pebble", "product": "Pebble", "vendor": "Canonical Ltd.", "repo": "https://github.com/canonical/pebble", "platforms": ["Linux"], "versions": [{"lessThan": "v1.10.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4."}], "references": [{"tags": ["issue-tracking"], "url": "https://www.cve.org/CVERecord?id=CVE-2024-3250"}, {"tags": ["issue-tracking"], "url": "https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}}], "credits": [{"lang": "en", "value": "Harry Pidcock", "type": "finder"}, {"lang": "en", "value": "Ben Hoyt", "type": "finder"}, {"lang": "en", "value": "Ben Hoyt", "type": "remediation developer"}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-04-04T21:38:49.356Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-29T15:14:25.805027Z", "id": "CVE-2024-3250", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T15:43:34.482Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.370Z"}, "title": "CVE Program Container", "references": [{"tags": ["issue-tracking", "x_transferred"], "url": "https://www.cve.org/CVERecord?id=CVE-2024-3250"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cve.org/CVERecord?id=CVE-2024-3250", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj", "tags": ["issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.370Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3250", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-29T15:14:25.805027Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T15:14:31.614Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Harry Pidcock"}, {"lang": "en", "type": "finder", "value": "Ben Hoyt"}, {"lang": "en", "type": "remediation developer", "value": "Ben Hoyt"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/canonical/pebble", "vendor": "Canonical Ltd.", "product": "Pebble", "versions": [{"status": "affected", "version": "0", "lessThan": "v1.10.2", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "pebble"}], "references": [{"url": "https://www.cve.org/CVERecord?id=CVE-2024-3250", "tags": ["issue-tracking"]}, {"url": "https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-04-04T21:38:49.356Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3250", "state": "PUBLISHED", "dateUpdated": "2024-11-06T15:43:34.482Z", "dateReserved": "2024-04-03T00:52:42.379Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2024-04-04T14:29:31.250Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:pebble:*:*:*:*:*:go:*:*", "matchCriteriaId": "FB0290DF-1704-4ABE-81FC-0D251CEB8A6F", "versionEndExcluding": "1.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:pebble:*:*:*:*:*:go:*:*", "matchCriteriaId": "A51F25E7-35D5-48EB-A11E-3AD1D6A90842", "versionEndExcluding": "1.7.3", "versionStartIncluding": "1.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:pebble:*:*:*:*:*:go:*:*", "matchCriteriaId": "FAB6EEDB-DD43-4779-87EF-8E724812F0B9", "versionEndExcluding": "1.10.2", "versionStartIncluding": "1.7.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4."}, {"lang": "es", "value": "Se descubri\u00f3 que la API de lectura de archivos del administrador de servicios Pebble de Canonical y el comando pebble pull asociado, antes de v1.10.2, permit\u00edan a los usuarios locales sin privilegios leer archivos con permisos equivalentes a root cuando Pebble se ejecutaba como root. Las correcciones tambi\u00e9n est\u00e1n disponibles como backports para v1.1.1, v1.4.2 y v1.7.4."}], "id": "CVE-2024-3250", "lastModified": "2025-08-26T17:17:50.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2024-04-04T15:15:39.837", "references": [{"source": "security@ubuntu.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2024-3250"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2024-3250"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}