N/A

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

N/A

N/A

Puppet和Puppet Enterprise 安全绕过漏洞

Puppet是美国Puppet实验室的一套基于客户端/服务器（C/S）架构的配置管理工具。该工具可用于管理配置文件、用户、cron任务、软件包、系统服务等。 Puppet和Puppet Enterprise中使用的Puppet Module Tool (PMT)中存在安全漏洞，程序没有正确控制模块安装的权限。本地用户可利用该漏洞读取或修改模块。以下版本受到影响：Puppet 2.7.23之前的2.7.x版本和3.2.4之前的3.2.x版本，Puppet Enterprise 2.8.3之前的2.8.x版本

N/A

N/A