CVE-2013-4956
3.6
Vector
AV:L/AC:L/Au:N/C:P/I:P/A:N
Exploitability: 3.9 / Impact: 4.9
Source: NVD
Description
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.
Affected (28)
Products: Puppet: Puppet, Puppet Enterprise · Puppetlabs: Puppet
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.7.10 | |
| Version 2.8.0 | |
| Version 2.7.0 |
Related CWEs
References (8)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.