Duplicate Advisory: Pebble service manager's file pull API allows access by any user
Moderate severity
GitHub Reviewed
Published Apr 4, 2024 to the GitHub Advisory Database. Updated Apr 5, 2024.
Withdrawn: This advisory was withdrawn on Apr 5, 2024.
Package
Affected versions: < 1.1.1
Patched versions: 1.1.1
Description
Published by the National Vulnerability Database: Apr 4, 2024
Published to the GitHub Advisory Database: Apr 4, 2024
Reviewed: Apr 5, 2024
Withdrawn: Apr 5, 2024
Last updated: Apr 5, 2024
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-4685-2x5r-65pj. This link is maintained to preserve external references.
Original Description
It was discovered that Pebble's read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4.