Weak Permissions in Puppet Module Tool (PMT) Installation

Weak Permissions in Puppet Module Tool (PMT) Installation

CVE-2013-4956 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:P/A:N

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

Learn more about our User Device Pen Test.