CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
10.1%
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb)
in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet
Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly
manage group privileges, which allows local users to gain privileges via
vectors related to (1) the change_user not dropping supplementary groups in
certain conditions, (2) changes to the eguid without associated changes to
the egid, or (3) the addition of the real gid to supplementary groups.