CVE-2012-1053 – puppet

Package

Manager: gem
Name: puppet
Vulnerable Version: >=2.6 <2.6.14 || >=2.7 <2.7.11

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

EPSS: 0.00044 pctl0.12552

Details

Puppet Privilege Escallation The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

Metadata

Created: 2022-05-14T00:56:44Z
Modified: 2023-08-29T21:12:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-77hg-g8cc-5r37/GHSA-77hg-g8cc-5r37.json
CWE IDs: ["CWE-269"]
Alternative ID: GHSA-77hg-g8cc-5r37
Finding: F159
Auto approve: 1