Puppetlabs

Puppet

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2012-1987

  • EPSS 0.74%
  • Veröffentlicht 29.05.2012 20:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (m...

2.1

CVE-2012-1986

  • EPSS 0.37%
  • Veröffentlicht 29.05.2012 20:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbi...

3.3

CVE-2012-1906

  • EPSS 0.06%
  • Veröffentlicht 29.05.2012 20:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwr...

4.4

CVE-2012-1054

  • EPSS 0.07%
  • Veröffentlicht 29.05.2012 20:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k...

6.9

CVE-2012-1053

  • EPSS 0.04%
  • Veröffentlicht 29.05.2012 20:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which al...

5

CVE-2011-3848

  • EPSS 0.43%
  • Veröffentlicht 27.10.2011 20:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the...

2.6

CVE-2011-3872

  • EPSS 2.78%
  • Veröffentlicht 27.10.2011 20:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the cer...

6.2

CVE-2011-3871

  • EPSS 0.04%
  • Veröffentlicht 27.10.2011 20:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

6.3

CVE-2011-3870

  • EPSS 0.03%
  • Veröffentlicht 27.10.2011 20:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.

6.3

CVE-2011-3869

  • EPSS 0.04%
  • Veröffentlicht 27.10.2011 20:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.