Vulnerabilities > Puppet > Puppet
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-27 | CVE-2011-3848 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25. | 5.0 |
2010-03-03 | CVE-2010-0156 | Link Following vulnerability in Puppet Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. | 3.3 |