CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-10689 – puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions
https://notcve.org/view.php?id=CVE-2017-10689
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. En versiones anteriores de Puppet Agent, era posible instalar un módulo con permisos de modificación para cualquier usuario. Puppet Agent 5.3.4 y 1.10.10 incluían una solución para esta vulnerabilidad. • https://access.redhat.com/errata/RHSA-2018:2927 https://puppet.com/security/cve/CVE-2017-10689 https://usn.ubuntu.com/3567-1 https://access.redhat.com/security/cve/CVE-2017-10689 https://bugzilla.redhat.com/show_bug.cgi?id=1542850 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3250
https://notcve.org/view.php?id=CVE-2014-3250
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. El archivo de configuración vhost por defecto en Puppet en versiones anteriores a la 3.6.2 no incluye la directiva SSLCARevocationCheck. Esto podría permitir que atacantes remotos obtengan información sensible mediante un certificado revocado cuando un Puppet master se ejecuta con Apache 2.4. • https://bugzilla.redhat.com/show_bug.cgi?id=1101347 https://puppet.com/security/cve/CVE-2014-3250 • CWE-295: Improper Certificate Validation •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2295 – puppet: Unsafe YAML deserialization
https://notcve.org/view.php?id=CVE-2017-2295
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. Las versiones de Puppet anteriores a la 4.10.1 deserializarán datos "off the wire" (del agente al servidor, en este caso) con un formato especificado por el atacante. Esto podría emplearse para forzar la deserialización YAML de forma no segura, lo que conduciría a la ejecución remota de código. • http://www.debian.org/security/2017/dsa-3862 http://www.securityfocus.com/bid/98582 https://puppet.com/security/cve/cve-2017-2295 https://access.redhat.com/security/cve/CVE-2017-2295 https://bugzilla.redhat.com/show_bug.cgi?id=1452651 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2785
https://notcve.org/view.php?id=CVE-2016-2785
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. Puppet Server en versiones anteriores a 2.3.2 y Ruby puppetmaster en Puppet 4.x en versiones anteriores a 4.4.2 y en Puppet Agent en versiones anteriores a 1.4.2 podría permitir a atacantes remotos eludir las restricciones destinas al acceso auth.conf aprovechando una decodificación URL incorrecta. • https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2 https://puppet.com/security/cve/cve-2016-2785 https://security.gentoo.org/glsa/201606-02 • CWE-284: Improper Access Control •
CVSS: 6.2EPSS: 0%CPEs: 15EXPL: 1CVE-2014-3248
https://notcve.org/view.php?id=CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. Vulnerabilidad de ruta de búsqueda no confiable en Puppet Enterprise 2.8 anterior a 2.8.7, Puppet anterior a 2.7.26 y 3.x anterior a 3.6.2, Facter 1.6.x y 2.x anterior a 2.0.2, Hiera anterior a 1.3.4, y Mcollective anterior a 2.5.2 o anteriores, permite a usuarios locales ganar privilegios ubicando un troyano en el directorio actual a través de un troyano en un archivo, se demostró usando (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, o (6) safe_yaml/deep.so; o (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, o (10) osfamily.so en puppet/confine. • http://puppetlabs.com/security/cve/cve-2014-3248 http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet http://secunia.com/advisories/59197 http://secunia.com/advisories/59200 http://www.securityfocus.com/bid/68035 • CWE-17: DEPRECATED: Code •