| purl | pkg:gem/puppet@2.6 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-2jc8-n1j4-m7c6 Aliases: CVE-2012-1053 GHSA-77hg-g8cc-5r37 | Puppet Privilege Escalation. The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. | Affected by 19 other vulnerabilities. Affected by 19 other vulnerabilities. |
| VCID-pgg8-9sk2-57ee Aliases: CVE-2012-1989 GHSA-c5qq-g673-5p49 | Low severity vulnerability that affects puppet. telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). | Affected by 19 other vulnerabilities. |
| VCID-tetf-xa1u-uffv Aliases: CVE-2012-1906 GHSA-c4mc-49hq-q275 | Puppet uses predictable filenames, allowing arbitrary file overwrite. Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. | Affected by 19 other vulnerabilities. Affected by 19 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |