Vulnerabilities > Puppet > Puppet > 2.6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-27 | CVE-2011-3871 | Permissions, Privileges, and Access Controls vulnerability in multiple products Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. | 6.2 |
2011-10-27 | CVE-2011-3870 | Link Following vulnerability in multiple products Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. | 6.3 |
2011-10-27 | CVE-2011-3869 | Link Following vulnerability in multiple products Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. | 6.3 |
2011-10-27 | CVE-2011-3848 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25. | 5.0 |