Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:ebuild/app-admin/puppet@2.7.11
purl pkg:ebuild/app-admin/puppet@2.7.11
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (9)
Vulnerability Summary Aliases
VCID-2jc8-n1j4-m7c6 Puppet Privilege Escallation The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. CVE-2012-1053
GHSA-77hg-g8cc-5r37
VCID-72s2-y7m6-kuf6 Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges. CVE-2012-1054
VCID-a7cn-eqbq-qyb1 Puppet uses predictable filenames, allowing arbitrary file overwrite Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. CVE-2011-3871
GHSA-mpmx-gm5v-q789
VCID-absc-ndrs-yqep Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges. CVE-2009-3564
VCID-fdk4-8wtn-nqct Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges. CVE-2011-3848
VCID-jhkk-5euf-uked Improper Link Resolution Before File Access ('Link Following') Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. CVE-2011-3869
GHSA-8c56-v25w-f89c
VCID-txx3-3fzg-33cp Improper Link Resolution Before File Access ('Link Following') Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. CVE-2011-3870
GHSA-qh3g-27jf-3j54
VCID-vrzs-81t1-jyax Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges. CVE-2011-3872
VCID-ww8x-tzxr-4qbn Improper Link Resolution Before File Access ('Link Following') Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. CVE-2010-0156
GHSA-vrh7-99jh-3fmm

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:02:57.591563+00:00 Gentoo Importer Fixing VCID-72s2-y7m6-kuf6 https://security.gentoo.org/glsa/201203-03 38.0.0
2026-04-01T13:02:57.573648+00:00 Gentoo Importer Fixing VCID-2jc8-n1j4-m7c6 https://security.gentoo.org/glsa/201203-03 38.0.0
2026-04-01T13:02:57.560912+00:00 Gentoo Importer Fixing VCID-vrzs-81t1-jyax https://security.gentoo.org/glsa/201203-03 38.0.0
2026-04-01T13:02:57.550518+00:00 Gentoo Importer Fixing VCID-a7cn-eqbq-qyb1 https://security.gentoo.org/glsa/201203-03 38.0.0
2026-04-01T13:02:57.537707+00:00 Gentoo Importer Fixing VCID-txx3-3fzg-33cp https://security.gentoo.org/glsa/201203-03 38.0.0
2026-04-01T13:02:57.525268+00:00 Gentoo Importer Fixing VCID-jhkk-5euf-uked https://security.gentoo.org/glsa/201203-03 38.0.0
2026-04-01T13:02:57.512852+00:00 Gentoo Importer Fixing VCID-fdk4-8wtn-nqct https://security.gentoo.org/glsa/201203-03 38.0.0
2026-04-01T13:02:57.499069+00:00 Gentoo Importer Fixing VCID-ww8x-tzxr-4qbn https://security.gentoo.org/glsa/201203-03 38.0.0
2026-04-01T13:02:57.487734+00:00 Gentoo Importer Fixing VCID-absc-ndrs-yqep https://security.gentoo.org/glsa/201203-03 38.0.0