Описание
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
Ссылки
- Patch
- PatchVendor Advisory
- Patch
- Patch
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:puppet:puppet:0.24.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.24.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.24.5:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.24.6:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.24.6:rc1:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.24.6:rc2:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.24.7:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.24.7:rc2:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.24.8:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.24.8:rc1:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.25.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.25.0:beta1:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.25.0:beta2:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.25.0:rc1:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.25.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.25.1:rc1:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.25.1:rc2:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.25.2:rc1:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.25.2:rc2:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:0.25.2:rc3:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00042
Низкий
3.3 Low
CVSS2
Дефекты
CWE-59
Связанные уязвимости
ubuntu
почти 16 лет назад
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
debian
почти 16 лет назад
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local user ...
fstec
почти 14 лет назад
Уязвимости операционной системы Gentoo Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
Процентиль: 13%
0.00042
Низкий
3.3 Low
CVSS2
Дефекты
CWE-59