CVE-2011-3871

2011-10-0100:00:00

ubuntu.com

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in
–edit mode, uses a predictable file name, which allows local users to run
arbitrary Puppet code or trick a user into editing arbitrary files.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchpuppet< 0.25.4-2ubuntu6.3UNKNOWN
ubuntu10.10noarchpuppet< 2.6.1-0ubuntu2.2UNKNOWN
ubuntu11.04noarchpuppet< 2.6.4-2ubuntu2.3UNKNOWN