CVE-2011-3871

Priority
Description
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in
--edit mode, uses a predictable file name, which allows local users to run
arbitrary Puppet code or trick a user into editing arbitrary files.
Assigned-to
jdstrand
Notes
Package
Upstream:released (2.6.11, 2.7.5)
More Information

Updated: 2019-12-05 20:57:56 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)