Description
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
| Release | Status | Note |
|---|---|---|
| artful | not-affected | 2.0.1-1ubuntu1 |
| bionic | not-affected | 2.0.1-1ubuntu1 |
| cosmic | not-affected | 2.0.1-1ubuntu1 |
| devel | not-affected | 2.0.1-1ubuntu1 |
| disco | not-affected | 2.0.1-1ubuntu1 |
| eoan | not-affected | 2.0.1-1ubuntu1 |
| esm-apps/bionic | not-affected | 2.0.1-1ubuntu1 |
| esm-apps/focal | not-affected | 2.0.1-1ubuntu1 |
| esm-apps/jammy | not-affected | 2.0.1-1ubuntu1 |
| esm-apps/noble | not-affected | 2.0.1-1ubuntu1 |

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.5.2+dfsg-1 |
| cosmic | not-affected | 2.5.2+dfsg-1 |
| devel | DNE | |
| disco | not-affected | 2.5.2+dfsg-1 |
| eoan | not-affected | 2.5.2+dfsg-1 |
| esm-apps/bionic | not-affected | 2.5.2+dfsg-1 |
| esm-apps/focal | not-affected | 2.5.2+dfsg-1 |
| esm-apps/jammy | not-affected | 2.5.2+dfsg-1 |
| esm-apps/noble | not-affected | 2.5.2+dfsg-1 |

| Release | Status | Note |
|---|---|---|
| artful | not-affected | 3.8.5-2 |
| bionic | not-affected | 3.8.5-2 |
| cosmic | not-affected | 3.8.5-2 |
| devel | DNE | |
| disco | not-affected | 3.8.5-2 |
| eoan | not-affected | 3.8.5-2 |
| esm-apps/bionic | not-affected | 3.8.5-2 |
| esm-apps/focal | not-affected | 3.8.5-2 |
| esm-apps/jammy | not-affected | 3.8.5-2 |
| esm-apps/xenial | not-affected | 3.8.5-2 |

| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
EPSS
CVSS2: 6.2 Medium
Related vulnerabilities
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2. ...
facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability
Vulnerabilities in the Gentoo Linux operating system that allow an attacker to compromise the confidentiality, integrity, and availability of protected information