CVE-2014-3248
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2014-3248
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-3248.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2014-3248
- Aliases
- Related
- Published
- 2014-11-16T17:59:03Z
- Modified
- 2024-06-30T12:00:03Z
- Summary
- [none]
- Details
-
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operatingsystem.rb, (2) Win32API.rb, (3) Win32API.so, (4) safeyaml.rb, (5) safeyaml/deep.rb, or (6) safeyaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
- References
Affected packages
Debian:11 / facter
Package
- Name
- facter
- Purl
- pkg:deb/debian/facter?arch=source
Debian:12 / facter
Package
- Name
- facter
- Purl
- pkg:deb/debian/facter?arch=source
Debian:13 / facter
Package
- Name
- facter
- Purl
- pkg:deb/debian/facter?arch=source
Debian:11 / hiera
Package
- Name
- hiera
- Purl
- pkg:deb/debian/hiera?arch=source
Debian:12 / hiera
Package
- Name
- hiera
- Purl
- pkg:deb/debian/hiera?arch=source
Debian:13 / hiera
Package
- Name
- hiera
- Purl
- pkg:deb/debian/hiera?arch=source
Debian:11 / mcollective
Package
- Name
- mcollective
- Purl
- pkg:deb/debian/mcollective?arch=source
Debian:12 / mcollective
Package
- Name
- mcollective
- Purl
- pkg:deb/debian/mcollective?arch=source
Debian:11 / puppet
Package
- Name
- puppet
- Purl
- pkg:deb/debian/puppet?arch=source