CVE-2013-4956: Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1…

low3.6CVSS 3.1

AVLACLAuNCPIPAN

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

Affected

30 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	puppet	< puppet 3.2.4-1 (bullseye)	puppet 3.2.4-1 (bullseye)
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	>= 0 < 3.2.4-1	3.2.4-1
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—

CVSS provenance

nvd3.6LOWAV:L/AC:L/Au:N/C:P/I:P/A:N

osv3.6LOW