CVE-2009-3564
published 2009-10-06CVE-2009-3564: puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted…
medium4.7CVSS 3.1
AVLACMAuNCCINAN
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | < puppet 0.25.1-3 (bullseye) | puppet 0.25.1-3 (bullseye) |
| puppet | puppet | >= 0 < 0.25.1-3 | 0.25.1-3 |
| reductivelabs | puppet | — | — |
CVSS provenance
nvd4.7MEDIUMAV:L/AC:M/Au:N/C:C/I:N/A:N
osv4.7MEDIUM