Описание
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.7.1-1ubuntu3 |
| hardy | not-affected | |
| lucid | released | 0.25.4-2ubuntu6.3 |
| maverick | released | 2.6.1-0ubuntu2.2 |
| natty | released | 2.6.4-2ubuntu2.3 |
| upstream | released | 2.6.11, 2.7.5 |
Показывать по
EPSS
6.2 Medium
CVSS2
Связанные уязвимости
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when runni ...
Puppet uses predictable filenames, allowing arbitrary file overwrite
Уязвимости операционной системы Gentoo Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
6.2 Medium
CVSS2