Versio.io

CVE-2013-4969

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 07-01-2014 07:55
Last modified: - 24-01-2022 05:46
Total changes: - 2

Description

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:N/I:P/A:N
Low
Attack complexity
Local
Attack vector
None
Availability
None
Confidentiality
Low
Integrity
-
Privileges required
-
Scope
-
User interaction
2.1
Base score
3.9
2.9
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=puppetlabs AND product=puppet AND versionEndIncluding=3.3.2 AND versionStartIncluding=3.0.0
vendor=puppetlabs AND product=puppet AND versionStartIncluding=3.4.0 AND versionEndExcluding=3.4.1
OR
vendor=puppet AND product=puppet_enterprise AND versionStartIncluding=2.0.0 AND versionEndExcluding=2.8.4
vendor=puppet AND product=puppet_enterprise AND versionStartIncluding=3.1 AND versionEndExcluding=3.1.1
OR
vendor=Debian AND product=debian_linux AND version=6.0
vendor=Debian AND product=debian_linux AND version=7.0
vendor=Debian AND product=debian_linux AND version=8.0
OR
vendor=canonical AND product=ubuntu_linux AND version=12.04 AND software_edition=lts
vendor=canonical AND product=ubuntu_linux AND version=13.04
vendor=canonical AND product=ubuntu_linux AND version=12.10
vendor=canonical AND product=ubuntu_linux AND version=13.10
 

Reference

 


Keywords

NVD

 

CVE-2013-4969

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.