Vulnerability Details CVE-2024-3250
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.5%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2024-3250
- cpe:2.3:a:canonical:pebble:1.1.1
- cpe:2.3:a:canonical:pebble:1.10.0
- cpe:2.3:a:canonical:pebble:1.10.1
- cpe:2.3:a:canonical:pebble:1.2.0
- cpe:2.3:a:canonical:pebble:1.3.0
- cpe:2.3:a:canonical:pebble:1.4.0
- cpe:2.3:a:canonical:pebble:1.4.2
- cpe:2.3:a:canonical:pebble:1.5.0
- cpe:2.3:a:canonical:pebble:1.6.0
- cpe:2.3:a:canonical:pebble:1.7.0
- cpe:2.3:a:canonical:pebble:1.7.1
- cpe:2.3:a:canonical:pebble:1.7.2
- cpe:2.3:a:canonical:pebble:1.7.4
- cpe:2.3:a:canonical:pebble:1.8.0
- cpe:2.3:a:canonical:pebble:1.9.0
- cpe:2.3:a:canonical:pebble:1.9.1