VulnerableCode Package Details - pkg:deb/debian/puppet@2.7.3-3?distro=bullseye

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a7cn-eqbq-qyb1	Puppet uses predictable filenames, allowing arbitrary file overwrite Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.	CVE-2011-3871 GHSA-mpmx-gm5v-q789
VCID-jhkk-5euf-uked	Improper Link Resolution Before File Access ('Link Following') Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.	CVE-2011-3869 GHSA-8c56-v25w-f89c
VCID-txx3-3fzg-33cp	Improper Link Resolution Before File Access ('Link Following') Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.	CVE-2011-3870 GHSA-qh3g-27jf-3j54

Vulnerability

Summary

Aliases

VCID-a7cn-eqbq-qyb1

Puppet uses predictable filenames, allowing arbitrary file overwrite Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

CVE-2011-3871
GHSA-mpmx-gm5v-q789

VCID-jhkk-5euf-uked

Improper Link Resolution Before File Access ('Link Following') Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.

CVE-2011-3869
GHSA-8c56-v25w-f89c

VCID-txx3-3fzg-33cp

Improper Link Resolution Before File Access ('Link Following') Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.

CVE-2011-3870
GHSA-qh3g-27jf-3j54

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:33:57.521729+00:00	Debian Importer	Fixing	VCID-txx3-3fzg-33cp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:38:36.312136+00:00	Debian Importer	Fixing	VCID-a7cn-eqbq-qyb1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:35:54.564587+00:00	Debian Importer	Fixing	VCID-jhkk-5euf-uked	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:53:04.796205+00:00	Debian Importer	Fixing	VCID-txx3-3fzg-33cp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:11:44.242224+00:00	Debian Importer	Fixing	VCID-a7cn-eqbq-qyb1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:09:41.539168+00:00	Debian Importer	Fixing	VCID-jhkk-5euf-uked	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:25.373402+00:00	Debian Importer	Fixing	VCID-a7cn-eqbq-qyb1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:25.353255+00:00	Debian Importer	Fixing	VCID-txx3-3fzg-33cp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:25.333170+00:00	Debian Importer	Fixing	VCID-jhkk-5euf-uked	https://security-tracker.debian.org/tracker/data/json	38.1.0