VYPR
Low severityNVD Advisory· Published Mar 3, 2010· Updated Jun 16, 2026

CVE-2010-0156

CVE-2010-0156

Description

Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
puppetRubyGems
>= 0.24.0, < 0.24.90.24.9
puppetRubyGems
>= 0.25.0, < 0.25.20.25.2

Affected products

21
  • cpe:2.3:a:puppet:puppet:0.24.3:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:puppet:puppet:0.24.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.24.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.24.5:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.24.6:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.24.6:rc1:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.24.6:rc2:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.24.7:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.24.7:rc2:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.24.8:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.24.8:rc1:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.25.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.25.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.25.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.25.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.25.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.25.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.25.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.25.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.25.2:rc2:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:0.25.2:rc3:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 0.24.0, < 0.24.9

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.