Lucene search

[email protected]NVD:CVE-2024-27294

HistoryFeb 29, 2024 - 11:15 p.m.

CVE-2024-27294

2024-02-2923:15:08

CWE-732

[email protected]

web.nvd.nist.gov

cve-2024-27294

dp-golang

puppet module

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

0.0004 Low

EPSS

Percentile

15.5%

JSON

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group

References

github.com/danielparks/puppet-golang/commit/1d0865b24071cb1c00d2fd8cb755d444e6e8f888

github.com/danielparks/puppet-golang/commit/870724a7fef50208515da7bbfa9dfd5d6950e7f5

github.com/danielparks/puppet-golang/security/advisories/GHSA-8h8m-h98f-vv84

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for NVD:CVE-2024-27294

prion1 cve1 osv1 cvelist1