Описание
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2018.1.8 (включая) до 2023.8.4 (исключая)
Одно из
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2025.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00052
Низкий
8.8 High
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.8
debian
8 месяцев назад
A user with specific node group editing permissions and a specially cr ...
CVSS3: 8.8
github
8 месяцев назад
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.
EPSS
Процентиль: 17%
0.00052
Низкий
8.8 High
CVSS3
Дефекты
CWE-78