Vulnerability Report: GO-2024-2692
- CVE-2024-3250, GHSA-4685-2x5r-65pj
- Affects: github.com/canonical/pebble
- Published: Jun 04, 2024
- Unreviewed
Pebble service manager's file pull API allows access by any user in github.com/canonical/pebble
For detailed information about this vulnerability, visit https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj, https://nvd.nist.gov/vuln/detail/CVE-2024-3250, or https://www.cve.org/CVERecord?id=CVE-2024-3250.
Affected Modules
-
PathGo Versions
-
before v1.1.1, from v1.2.0 before v1.4.2, from v1.5.0 before v1.7.3, from v1.8.0 before v1.10.2
Aliases
References
- https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj
- https://nvd.nist.gov/vuln/detail/CVE-2024-3250
- https://www.cve.org/CVERecord?id=CVE-2024-3250
- https://github.com/canonical/pebble/commit/4ca343d3889533143477e21c63867f2f3c3b5645
- https://github.com/canonical/pebble/commit/a5f6f062a11ea156697b854264385ff7e1985fd8
- https://github.com/canonical/pebble/commit/b8abd1ff0090f3e0749e81eb1fc3ea16ba95f514
- https://github.com/canonical/pebble/commit/cd326225b9b0be067da7d8858e2c912078cbbbd5
- https://github.com/canonical/pebble/pull/406
- https://vuln.go.dev/ID/GO-2024-2692.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.