admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2014/CVE-2014-32xx/CVE-2014-3248.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

207 lines
7.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2014-3248",
"sourceIdentifier": "cve@mitre.org",
"published": "2014-11-16T17:59:03.113",
"lastModified": "2019-07-16T12:22:07.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Puppet Enterprise 2.8 anterior a 2.8.7, Puppet anterior a 2.7.26 y 3.x anterior a 3.6.2, Facter 1.6.x y 2.x anterior a 2.0.2, Hiera anterior a 1.3.4, y Mcollective anterior a 2.5.2 o anteriores, permite a usuarios locales ganar privilegios ubicando un troyano en el directorio actual a trav\u00e9s de un troyano en un archivo, se demostr\u00f3 usando (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, o (6) safe_yaml/deep.so; o (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, o (10) osfamily.so en puppet/confine."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": true,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-17"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1880B374-9898-4F94-A79A-EC3FC6417C78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8731DD0A-1765-4D01-B84A-B11B2C3D3C8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "8C2C4B26-82E1-414C-8908-8C0B67933D3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5F6D393E-C815-435A-AD62-C50FB8221852"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "163FF08E-1931-4A51-B309-FDF7518BF1AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "789555F6-BAFE-4468-BDEC-9575F9C3B348"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "601F4999-5841-4C0B-92C9-20D6276A43FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "06432280-17CC-4219-9D02-81370F3D97BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2F103639-4964-426B-9D23-7DE777ECD388"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.6.0",
"versionEndIncluding": "1.6.18",
"matchCriteriaId": "EBD66B12-AEF4-4AB6-BD19-860139A1318F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.2",
"matchCriteriaId": "3B9AFF67-3EE5-4C7A-8344-B5CEEA140B80"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.4",
"matchCriteriaId": "6C8C556F-51B7-492B-B9DD-FFCF2C47AC8A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.26",
"matchCriteriaId": "9CD170C7-36AF-4316-8E69-8B8C2794DF76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.6.2",
"matchCriteriaId": "FF59DB1B-A958-42D3-BE68-71FA5CB32EF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.8.0",
"versionEndExcluding": "2.8.7",
"matchCriteriaId": "C30CB38D-C799-4CA8-AB51-8A8A1DEEA1E9"
}
]
}
]
}
],
"references": [
{
"url": "http://puppetlabs.com/security/cve/cve-2014-3248",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description"
]
},
{
"url": "http://www.securityfocus.com/bid/68035",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink