CVSS 3 Base Score: Posted On: April 11, 2012Assessed Risk Level: NoneA bug in Puppet uses a predictable file name and allows writing to files on the puppet master. The telnet connection type for managing network devices opens a NET::Telnet connection whose output log is written to a predictable location (/tmp/out.log). That log can be replaced by a symlink to an arbitrary location, potentially overwriting files. Note: This only affects the 2.7 series of Puppet. Status:Affected software versions:Resolved in:Resolved in 2.7.13 rpm, debResolved in Puppet Enterprise 2.5.1Hotfixes available for Puppet Enterprise 2.0.xHotfixeshttp://puppetlabs.com/security/cve/cve-2012-1989/hotfixes/← Back to CVE Listings