CVE-2013-4969: Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a…

low2.1CVSS 3.1

AVLACLAuNCNIPAN

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

Affected

13 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	puppet	< puppet 3.4.1-1 (bullseye)	puppet 3.4.1-1 (bullseye)
puppet	puppet	>= 0 < 3.4.1-1	3.4.1-1
puppet	puppet_enterprise	>= 2.0.0 < 2.8.4	2.8.4
puppet	puppet_enterprise	>= 3.1 < 3.1.1	3.1.1
puppetlabs	puppet	3.0.0 – 3.3.2	—
puppetlabs	puppet	>= 3.4.0 < 3.4.1	3.4.1

CVSS provenance

nvd2.1LOWAV:L/AC:L/Au:N/C:N/I:P/A:N

osv2.1LOW