Lucene search

K
osvGoogleOSV:GHSA-QH3G-27JF-3J54
HistoryMay 14, 2022 - 12:56 a.m.

Puppet allows local users to modify the permissions of arbitrary files

2022-05-1400:56:54
Google
osv.dev
4
puppet
software
vulnerability
local user
file permission
modification

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

5.1%

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.