CVE-2014-3248 – puppet

Package

Manager: gem
Name: puppet
Vulnerable Version: >=0 <2.7.26 || >=3.0.0 <3.6.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00164 pctl0.37806

Details

facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) `rubygems/defaults/operating_system.rb`, (2) `Win32API.rb`, (3) `Win32API.so`, (4) `safe_yaml.rb`, (5) `safe_yaml/deep.rb`, or (6) `safe_yaml/deep.so`; or (7) `operatingsystem.rb`, (8) `operatingsystem.so`, (9) `osfamily.rb`, or (10) `osfamily.so` in `puppet/confine`.

Metadata

Created: 2017-10-24T18:33:36Z
Modified: 2023-06-07T14:06:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-92v7-pq4h-58j5/GHSA-92v7-pq4h-58j5.json
CWE IDs: []
Alternative ID: GHSA-92v7-pq4h-58j5
Finding: F098
Auto approve: 1