Описание
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:puppet:mcollective-puppet-agent:1.12.0:*:*:*:*:puppet:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00388
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1.
EPSS
Процентиль: 59%
0.00388
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-732