Lucene search

K
nvd[email protected]NVD:CVE-2011-3871
HistoryOct 27, 2011 - 8:55 p.m.

CVE-2011-3871

2011-10-2720:55:01
CWE-264
web.nvd.nist.gov

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

5.1%

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

Affected configurations

NVD
Node
puppetpuppetMatch2.6.0
OR
puppetpuppetMatch2.6.1
OR
puppetpuppetMatch2.6.2
OR
puppetpuppetMatch2.6.3
OR
puppetpuppetMatch2.6.4
OR
puppetpuppetMatch2.6.5
OR
puppetpuppetMatch2.6.6
OR
puppetpuppetMatch2.6.7
OR
puppetpuppetMatch2.6.8
OR
puppetpuppetMatch2.6.9
OR
puppetpuppetMatch2.6.10
OR
puppetpuppetMatch2.7.2
OR
puppetpuppetMatch2.7.3
OR
puppetpuppetMatch2.7.4
OR
puppetlabspuppetMatch2.7.0
OR
puppetlabspuppetMatch2.7.1
Node
puppetpuppetMatch0.25.0
OR
puppetpuppetMatch0.25.1
OR
puppetpuppetMatch0.25.2
OR
puppetpuppetMatch0.25.3
OR
puppetpuppetMatch0.25.4
OR
puppetpuppetMatch0.25.5
OR
puppetpuppetMatch0.25.6

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

5.1%