Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 3:45 a.m.15 views

CVE-2024-27294

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...

7.8CVSS7AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2024/02/29 11:15 p.m.23 views

CVE-2024-27294

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...

7.8CVSS7.2AI score0.00234EPSS
Exploits0References3
Prion
Prion
added 2024/02/29 11:15 p.m.14 views

Out-of-bounds

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...

4.3CVSS7.5AI score0.00234EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/29 10:47 p.m.12 views

CVE-2024-27294 dp-golang Go installation could be owned by wrong user

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...

7.3CVSS7.3AI score0.00234EPSS
Exploits0References3
CVE
CVE
added 2024/02/29 10:47 p.m.91 views

CVE-2024-27294

CVE-2024-27294 concerns the Go/Puppet toolchain issue for the dp-golang module. Affected: dp-golang prior to 1.2.7, used with Puppet running as root on macOS (Go versions 1.4.3–1.21rc3; specific bootstrap tarballs). Root cause: files within the Go installation could be created with incorrect owne...

7.8CVSS7.2AI score0.00234EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/29 10:47 p.m.26 views

CVE-2024-27294 dp-golang Go installation could be owned by wrong user

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...

7.3CVSS7.4AI score0.00234EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/02/29 10:47 p.m.39 views

CVE-2024-27294 dp-golang Go installation could be owned by wrong user

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...

7.3CVSS7.4AI score0.00234EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/29 12:0 a.m.3 views

PT-2024-21801 · Puppet +1 · Puppet +1

Name of the Vulnerable Software and Affected Versions: dp-golang versions prior to 1.2.7 Description: The issue arises when dp-golang is used to install Go, potentially leading to files being installed with incorrect ownership. This occurs when Puppet is run as root and the installed package is o...

7.8CVSS7.2AI score0.00234EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.3 views

Puppet Security Vulnerabilities

Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the United States, which can be used to manage configuration files, users, cron tasks, packages, system services, and so on. A security vulnerability exists in Puppet versions prior to...

7.8CVSS6.7AI score0.00234EPSS
Exploits0References2
Rows per page
Query Builder