Unrated severityNVD Advisory· Published Oct 6, 2009· Updated Jun 16, 2026
CVE-2009-3564
CVE-2009-3564
Description
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:reductivelabs:puppet:0.24.6:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:reductivelabs:puppet:0.24.6:*:*:*:*:*:*:*
- (no CPE)range: = 0.24.6
Patches
Vulnerability mechanics
References
3- projects.reductivelabs.com/issues/1806nvdPatchVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdExploitIssue TrackingThird Party Advisory
- puppet.com/security/cve/cve-2009-3564nvdVendor Advisory
News mentions
0No linked articles in our index yet.