Skip to main content

Pebble

4 CVEs product

Monthly

CVE-2024-3250 Go MEDIUM PATCH This Month

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Canonical Pebble
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2012-4023 MEDIUM This Month

CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Pebble
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4022 MEDIUM This Month

Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pebble
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2012-5170 MEDIUM This Month

Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Pebble
NVD
CVSS 2.0
5.8
EPSS
0.5%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Canonical Pebble
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Pebble
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pebble
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Pebble
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy