CVE-2013-4969

Overview

CVE-2013-4969 (Unsafe use of temp files in File type)

  • Posted December 26, 2013

  • Assessed Risk Level: Medium

Previous code used temp files unsafely by looking for a name it could use in a directory, and then later writing to that file, creating a vulnerability in which an attacker could make the name a symlink to another file and thereby cause puppet agent to overwrite something that it did not intend to.

Status

  • Affected Versions: Puppet Enterprise 2.x, 3.x
  • Resolved in Puppet Enterprise 2.8.4 and 3.1.1
  • Resolved in Puppet 3.4.1