CVE-2011-3871 — Puppet uses predictable filenames, allowing arbitrary file overwrite

Description

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

How to fix CVE-2011-3871

To remediate CVE-2011-3871, upgrade the affected package to a fixed version below.

Debian/puppet—upgrade to 2.7.3-3 or later
RubyGems/puppet—upgrade to 2.7.5 or later

Is CVE-2011-3871 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2.7.3-3
>= 2.7.0, < 2.7.5

References (14)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2011-3871
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-3871
PATCHgithub.com/puppetlabs/puppet
WEBgroups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb