| id: GO-2024-2692 |
| modules: |
| - module: github.com/canonical/pebble |
| versions: |
| - fixed: 1.1.1 |
| - introduced: 1.2.0 |
| - fixed: 1.4.2 |
| - introduced: 1.5.0 |
| - fixed: 1.7.3 |
| - introduced: 1.8.0 |
| - fixed: 1.10.2 |
| vulnerable_at: 1.10.1 |
| summary: Pebble service manager's file pull API allows access by any user in github.com/canonical/pebble |
| cves: |
| - CVE-2024-3250 |
| ghsas: |
| - GHSA-4685-2x5r-65pj |
| references: |
| - advisory: https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-3250 |
| - advisory: https://www.cve.org/CVERecord?id=CVE-2024-3250 |
| - fix: https://github.com/canonical/pebble/commit/4ca343d3889533143477e21c63867f2f3c3b5645 |
| - fix: https://github.com/canonical/pebble/commit/a5f6f062a11ea156697b854264385ff7e1985fd8 |
| - fix: https://github.com/canonical/pebble/commit/b8abd1ff0090f3e0749e81eb1fc3ea16ba95f514 |
| - fix: https://github.com/canonical/pebble/commit/cd326225b9b0be067da7d8858e2c912078cbbbd5 |
| - fix: https://github.com/canonical/pebble/pull/406 |
| source: |
| id: GHSA-4685-2x5r-65pj |
| created: 2024-05-17T16:14:05.567804-04:00 |
| review_status: UNREVIEWED |
