Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2010-0156

Disclosure Date: March 03, 2010 (last updated October 04, 2023)
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
0
Attacker Value
Unknown

CVE-2009-3564

Disclosure Date: October 06, 2009 (last updated October 04, 2023)
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
0