On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/96583 | Third Party Advisory VDB Entry |
https://puppet.com/security/cve/cve-2017-2290 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2017-03-03 15:59
Updated : 2024-02-28 15:44
NVD link : CVE-2017-2290
Mitre link : CVE-2017-2290
CVE.ORG link : CVE-2017-2290
JSON object : View
Products Affected
microsoft
- windows
puppet
- mcollective-puppet-agent
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource