Vulnerabilities > Puppet > Puppet > 2.6.8

DATE CVE VULNERABILITY TITLE RISK
2011-10-27 CVE-2011-3870 Link Following vulnerability in multiple products
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. 		6.3
6.3
2011-10-27 CVE-2011-3869 Link Following vulnerability in multiple products
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. 		6.3
6.3
2011-10-27 CVE-2011-3848 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.
network
low complexity
puppet puppetlabs CWE-22
5.0
5.0