RubyGems package
puppet
pkg:gem/puppet
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-3870 | — | >= 2.7.0, < 2.7.5 | 2.7.5 | Oct 27, 2011 | Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. | ||
| CVE-2011-3869 | — | >= 2.7.0, < 2.7.5 | 2.7.5 | Oct 27, 2011 | Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. | ||
| CVE-2010-0156 | — | >= 0.24.0, < 0.24.9 | 0.24.9 | Mar 3, 2010 | Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. |
- CVE-2011-3870Oct 27, 2011affected >= 2.7.0, < 2.7.5fixed 2.7.5
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
- CVE-2011-3869Oct 27, 2011affected >= 2.7.0, < 2.7.5fixed 2.7.5
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
- CVE-2010-0156Mar 3, 2010affected >= 0.24.0, < 0.24.9fixed 0.24.9
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
Page 2 of 2