6.9
CVE-2012-1053
- EPSS 0.04%
- Veröffentlicht 29.05.2012 20:55:07
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Puppetlabs ≫ Puppet Version2.7.0
Puppetlabs ≫ Puppet Version2.7.1
Puppet ≫ Puppet Enterprise Version1.2.0
Puppet ≫ Puppet Enterprise Version1.2.1
Puppet ≫ Puppet Enterprise Version1.2.2
Puppet ≫ Puppet Enterprise Version1.2.3
Puppet ≫ Puppet Enterprise Version1.2.4
Puppet ≫ Puppet Enterprise Version2.0.0
Puppet ≫ Puppet Enterprise Version2.0.1
Puppet ≫ Puppet Enterprise Version2.0.2
Puppetlabs ≫ Puppet Enterprise Users Version1.0
Puppetlabs ≫ Puppet Enterprise Users Version1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.101 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|