Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2011-10-27 13:55
Updated : 2019-07-10 07:13
NVD link : CVE-2011-3870
Mitre link : CVE-2011-3870
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
puppetlabs
- puppet
puppet
- puppet