Lucene search

MitreCVE-2010-0156

HistoryMar 03, 2010 - 7:30 p.m.

CVE-2010-0156

2010-03-0319:30:00

CWE-59

mitre

web.nvd.nist.gov

puppet

security

vulnerability

symlink attack

nvd

cve-2010-0156

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.1

Confidence

Low

EPSS

Percentile

5.1%

JSON

Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.

Affected configurations

Nvd

Node

puppetpuppetMatch0.24.3

puppetpuppetMatch0.24.4

puppetpuppetMatch0.24.5

puppetpuppetMatch0.24.6

puppetpuppetMatch0.24.6rc1

puppetpuppetMatch0.24.6rc2

puppetpuppetMatch0.24.7

puppetpuppetMatch0.24.7rc2

puppetpuppetMatch0.24.8

puppetpuppetMatch0.24.8rc1

puppetpuppetMatch0.25.0

puppetpuppetMatch0.25.0beta1

puppetpuppetMatch0.25.0beta2

puppetpuppetMatch0.25.0rc1

puppetpuppetMatch0.25.1

puppetpuppetMatch0.25.1rc1

puppetpuppetMatch0.25.1rc2

puppetpuppetMatch0.25.2rc1

puppetpuppetMatch0.25.2rc2

puppetpuppetMatch0.25.2rc3

VendorProductVersionCPE
puppetpuppet0.24.3cpe:2.3:a:puppet:puppet:0.24.3:*:*:*:*:*:*:*
puppetpuppet0.24.4cpe:2.3:a:puppet:puppet:0.24.4:*:*:*:*:*:*:*
puppetpuppet0.24.5cpe:2.3:a:puppet:puppet:0.24.5:*:*:*:*:*:*:*
puppetpuppet0.24.6cpe:2.3:a:puppet:puppet:0.24.6:*:*:*:*:*:*:*
puppetpuppet0.24.6cpe:2.3:a:puppet:puppet:0.24.6:rc1:*:*:*:*:*:*
puppetpuppet0.24.6cpe:2.3:a:puppet:puppet:0.24.6:rc2:*:*:*:*:*:*
puppetpuppet0.24.7cpe:2.3:a:puppet:puppet:0.24.7:*:*:*:*:*:*:*
puppetpuppet0.24.7cpe:2.3:a:puppet:puppet:0.24.7:rc2:*:*:*:*:*:*
puppetpuppet0.24.8cpe:2.3:a:puppet:puppet:0.24.8:*:*:*:*:*:*:*
puppetpuppet0.24.8cpe:2.3:a:puppet:puppet:0.24.8:rc1:*:*:*:*:*:*

Vendor	Product	Version	CPE
puppet	puppet	0.24.3	cpe:2.3:a:puppet:puppet:0.24.3:::::::*
puppet	puppet	0.24.4	cpe:2.3:a:puppet:puppet:0.24.4:::::::*
puppet	puppet	0.24.5	cpe:2.3:a:puppet:puppet:0.24.5:::::::*
puppet	puppet	0.24.6	cpe:2.3:a:puppet:puppet:0.24.6:::::::*
puppet	puppet	0.24.6	cpe:2.3:a:puppet:puppet:0.24.6:rc1::::::
puppet	puppet	0.24.6	cpe:2.3:a:puppet:puppet:0.24.6:rc2::::::
puppet	puppet	0.24.7	cpe:2.3:a:puppet:puppet:0.24.7:::::::*
puppet	puppet	0.24.7	cpe:2.3:a:puppet:puppet:0.24.7:rc2::::::
puppet	puppet	0.24.8	cpe:2.3:a:puppet:puppet:0.24.8:::::::*
puppet	puppet	0.24.8	cpe:2.3:a:puppet:puppet:0.24.8:rc1::::::