CVE-2014-3248

{"id": "CVE-2014-3248", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-16T17:59:03.113", "references": [{"url": "http://puppetlabs.com/security/cve/cve-2014-3248", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "tags": ["Exploit", "Technical Description"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/59197", "tags": ["Technical Description"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/59200", "tags": ["Technical Description"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/68035", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://puppetlabs.com/security/cve/cve-2014-3248", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "tags": ["Exploit", "Technical Description"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/59197", "tags": ["Technical Description"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/59200", "tags": ["Technical Description"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/68035", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-17"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Puppet Enterprise 2.8 anterior a 2.8.7, Puppet anterior a 2.7.26 y 3.x anterior a 3.6.2, Facter 1.6.x y 2.x anterior a 2.0.2, Hiera anterior a 1.3.4, y Mcollective anterior a 2.5.2 o anteriores, permite a usuarios locales ganar privilegios ubicando un troyano en el directorio actual a trav\u00e9s de un troyano en un archivo, se demostr\u00f3 usando (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, o (6) safe_yaml/deep.so; o (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, o (10) osfamily.so en puppet/confine."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1880B374-9898-4F94-A79A-EC3FC6417C78"}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8731DD0A-1765-4D01-B84A-B11B2C3D3C8D"}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C2C4B26-82E1-414C-8908-8C0B67933D3A"}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F6D393E-C815-435A-AD62-C50FB8221852"}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "163FF08E-1931-4A51-B309-FDF7518BF1AC"}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "789555F6-BAFE-4468-BDEC-9575F9C3B348"}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "601F4999-5841-4C0B-92C9-20D6276A43FB"}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06432280-17CC-4219-9D02-81370F3D97BF"}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F103639-4964-426B-9D23-7DE777ECD388"}, {"criteria": "cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBD66B12-AEF4-4AB6-BD19-860139A1318F", "versionEndIncluding": "1.6.18", "versionStartIncluding": "1.6.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B9AFF67-3EE5-4C7A-8344-B5CEEA140B80", "versionEndExcluding": "2.5.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C8C556F-51B7-492B-B9DD-FFCF2C47AC8A", "versionEndExcluding": "1.3.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CD170C7-36AF-4316-8E69-8B8C2794DF76", "versionEndExcluding": "2.7.26"}, {"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF59DB1B-A958-42D3-BE68-71FA5CB32EF4", "versionEndExcluding": "3.6.2", "versionStartIncluding": "3.6.0"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C30CB38D-C799-4CA8-AB51-8A8A1DEEA1E9", "versionEndExcluding": "2.8.7", "versionStartIncluding": "2.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}