USN-917-1 -- puppet vulnerabilitiesID: oval:org.secpod.oval:def:700168 | Date: (C)2011-01-28 (M)2021-09-11 |
Class: PATCH | Family: unix |
It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. It was discovered that Puppet did not correctly handle temporary files. A local user can exploit this flaw to bypass security restrictions and overwrite arbitrary files