9 matches found
CVE-2024-27294
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...
CVE-2024-27294
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...
Out-of-bounds
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...
CVE-2024-27294 dp-golang Go installation could be owned by wrong user
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...
CVE-2024-27294
CVE-2024-27294 concerns the Go/Puppet toolchain issue for the dp-golang module. Affected: dp-golang prior to 1.2.7, used with Puppet running as root on macOS (Go versions 1.4.3–1.21rc3; specific bootstrap tarballs). Root cause: files within the Go installation could be created with incorrect owne...
CVE-2024-27294 dp-golang Go installation could be owned by wrong user
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...
CVE-2024-27294 dp-golang Go installation could be owned by wrong user
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...
Puppet Security Vulnerabilities
Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the United States, which can be used to manage configuration files, users, cron tasks, packages, system services, and so on. A security vulnerability exists in Puppet versions prior to...
PT-2024-21801 · Puppet +1 · Puppet +1
Name of the Vulnerable Software and Affected Versions: dp-golang versions prior to 1.2.7 Description: The issue arises when dp-golang is used to install Go, potentially leading to files being installed with incorrect ownership. This occurs when Puppet is run as root and the installed package is o...