CVE Vulnerabilities

CVE-2011-3871

Published: Oct 27, 2011 | Modified: Jul 10, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.2 MEDIUM
AV:L/AC:H/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in –edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

Affected Software

Name Vendor Start Version End Version
Puppet Puppetlabs 2.7.0 2.7.0
Puppet Puppetlabs 2.7.1 2.7.1
Puppet Puppet 2.6.0 2.6.0
Puppet Puppet 2.6.1 2.6.1
Puppet Puppet 2.6.2 2.6.2
Puppet Puppet 2.6.3 2.6.3
Puppet Puppet 2.6.4 2.6.4
Puppet Puppet 2.6.5 2.6.5
Puppet Puppet 2.6.6 2.6.6
Puppet Puppet 2.6.7 2.6.7
Puppet Puppet 2.6.8 2.6.8
Puppet Puppet 2.6.9 2.6.9
Puppet Puppet 2.6.10 2.6.10
Puppet Puppet 2.7.2 2.7.2
Puppet Puppet 2.7.3 2.7.3
Puppet Puppet 2.7.4 2.7.4

References