DEBIAN-CVE-2011-3871

DEBIAN-CVE-2011-3871 PUBLISHED

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

Affected Products

Vendor	Product	Versions
Debian:11	puppet	0, 0, 0

Timeline

Oct 27, 2011 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2011-3871 advisory

Open in Interactive Console →