Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
dp-golang Go installation could be owned by wrong user
Vulnerability Description
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
Puppet 安全漏洞
Vulnerability Description
Puppet是美国Puppet实验室的一套基于客户端/服务器(C/S)架构的配置管理工具,它可用于管理配置文件、用户、cron任务、软件包、系统服务等。 Puppet 1.2.7之前版本存在安全漏洞,该漏洞源于当Puppet以root用户身份运行时,dp-golang可以安装所有权错误的文件,包括编译器二进制文件。
CVSS Information
N/A
Vulnerability Type
N/A