6.2

CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PuppetPuppet Version2.6.0
PuppetPuppet Version2.6.1
PuppetPuppet Version2.6.2
PuppetPuppet Version2.6.3
PuppetPuppet Version2.6.4
PuppetPuppet Version2.6.5
PuppetPuppet Version2.6.6
PuppetPuppet Version2.6.7
PuppetPuppet Version2.6.8
PuppetPuppet Version2.6.9
PuppetPuppet Version2.6.10
PuppetPuppet Version2.7.2
PuppetPuppet Version2.7.3
PuppetPuppet Version2.7.4
PuppetlabsPuppet Version2.7.0
PuppetlabsPuppet Version2.7.1
PuppetPuppet Version0.25.0
PuppetPuppet Version0.25.1
PuppetPuppet Version0.25.2
PuppetPuppet Version0.25.3
PuppetPuppet Version0.25.4
PuppetPuppet Version0.25.5
PuppetPuppet Version0.25.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.34% 0.254
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.2 1.9 10
AV:L/AC:H/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.debian.org/security/2011/dsa-2314
http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
Patch
http://secunia.com/advisories/46458
Vendor Advisory
http://www.ubuntu.com/usn/USN-1223-1
http://www.ubuntu.com/usn/USN-1223-2
https://puppet.com/security/cve/cve-2011-3871