Lucene search

MitreCVE-2011-3871

HistoryOct 27, 2011 - 8:55 p.m.

CVE-2011-3871

2011-10-2720:55:01

CWE-264

mitre

web.nvd.nist.gov

puppet

cve-2011-3871

code execution

security vulnerability

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

Affected configurations

Nvd

Node

puppetpuppetMatch2.6.0

puppetpuppetMatch2.6.1

puppetpuppetMatch2.6.2

puppetpuppetMatch2.6.3

puppetpuppetMatch2.6.4

puppetpuppetMatch2.6.5

puppetpuppetMatch2.6.6

puppetpuppetMatch2.6.7

puppetpuppetMatch2.6.8

puppetpuppetMatch2.6.9

puppetpuppetMatch2.6.10

puppetpuppetMatch2.7.2

puppetpuppetMatch2.7.3

puppetpuppetMatch2.7.4

puppetlabspuppetMatch2.7.0

puppetlabspuppetMatch2.7.1

Node

puppetpuppetMatch0.25.0

puppetpuppetMatch0.25.1

puppetpuppetMatch0.25.2

puppetpuppetMatch0.25.3

puppetpuppetMatch0.25.4

puppetpuppetMatch0.25.5

puppetpuppetMatch0.25.6

VendorProductVersionCPE
puppetpuppet2.6.0cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
puppetpuppet2.6.1cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
puppetpuppet2.6.2cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
puppetpuppet2.6.3cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
puppetpuppet2.6.4cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
puppetpuppet2.6.5cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
puppetpuppet2.6.6cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
puppetpuppet2.6.7cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
puppetpuppet2.6.8cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
puppetpuppet2.6.9cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
puppet	puppet	2.6.0	cpe:2.3:a:puppet:puppet:2.6.0:::::::*
puppet	puppet	2.6.1	cpe:2.3:a:puppet:puppet:2.6.1:::::::*
puppet	puppet	2.6.2	cpe:2.3:a:puppet:puppet:2.6.2:::::::*
puppet	puppet	2.6.3	cpe:2.3:a:puppet:puppet:2.6.3:::::::*
puppet	puppet	2.6.4	cpe:2.3:a:puppet:puppet:2.6.4:::::::*
puppet	puppet	2.6.5	cpe:2.3:a:puppet:puppet:2.6.5:::::::*
puppet	puppet	2.6.6	cpe:2.3:a:puppet:puppet:2.6.6:::::::*
puppet	puppet	2.6.7	cpe:2.3:a:puppet:puppet:2.6.7:::::::*
puppet	puppet	2.6.8	cpe:2.3:a:puppet:puppet:2.6.8:::::::*
puppet	puppet	2.6.9	cpe:2.3:a:puppet:puppet:2.6.9:::::::*