cbcvebase.
CVE-2010-0156
published 2010-03-03

CVE-2010-0156: Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2)…

low3.3CVSS 3.1
AVLACMAuNCNIPAP
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.

Affected

13 ranges
VendorProductVersion rangeFixed in
debianpuppet< puppet 0.25.4-2 (bullseye)puppet 0.25.4-2 (bullseye)
puppetpuppet
puppetpuppet
puppetpuppet
puppetpuppet
puppetpuppet
puppetpuppet
puppetpuppet
puppetpuppet
puppetpuppet
puppetpuppet>= 0 < 0.25.4-20.25.4-2
puppetpuppet>= 0.24.0 < 0.24.90.24.9
puppetpuppet>= 0.25.0 < 0.25.20.25.2

CVSS provenance

nvd3.3LOWAV:L/AC:M/Au:N/C:N/I:P/A:P
osv3.3LOW