Description
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
References (9)
Core 9
Core References
Patch vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
Patch vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2314
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46458
Various Sources x_refsource_confirm
https://puppet.com/security/cve/cve-2011-3871
Patch vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
Patch x_refsource_confirm
http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1223-1
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1223-2
Scores
EPSS
0.0004
EPSS Percentile
13.1%
Details
CWE
CWE-264
Status
published
Products (24)
puppet/puppet
2.6.0
puppet/puppet
2.6.1
puppet/puppet
2.6.2
puppet/puppet
2.6.3
puppet/puppet
2.6.4
puppet/puppet
2.6.5
puppet/puppet
2.6.6
puppet/puppet
2.6.7
puppet/puppet
2.6.8
puppet/puppet
2.6.9
... and 14 more
Published
Oct 27, 2011
Tracked Since
Feb 18, 2026