{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-11-16T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://puppetlabs.com/security/cve/cve-2014-3248"}, {"name": "59197", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59197"}, {"name": "59200", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59200"}, {"tags": ["x_refsource_MISC"], "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"}, {"name": "68035", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68035"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3248", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://puppetlabs.com/security/cve/cve-2014-3248", "refsource": "CONFIRM", "url": "http://puppetlabs.com/security/cve/cve-2014-3248"}, {"name": "59197", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59197"}, {"name": "59200", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59200"}, {"name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "refsource": "MISC", "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"}, {"name": "68035", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68035"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:57.167Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://puppetlabs.com/security/cve/cve-2014-3248"}, {"name": "59197", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59197"}, {"name": "59200", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59200"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"}, {"name": "68035", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68035"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3248", "datePublished": "2014-11-16T17:00:00", "dateReserved": "2014-05-07T00:00:00", "dateUpdated": "2024-08-06T10:35:57.167Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1880B374-9898-4F94-A79A-EC3FC6417C78", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8731DD0A-1765-4D01-B84A-B11B2C3D3C8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "8C2C4B26-82E1-414C-8908-8C0B67933D3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "5F6D393E-C815-435A-AD62-C50FB8221852", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "163FF08E-1931-4A51-B309-FDF7518BF1AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "789555F6-BAFE-4468-BDEC-9575F9C3B348", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "601F4999-5841-4C0B-92C9-20D6276A43FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "06432280-17CC-4219-9D02-81370F3D97BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "2F103639-4964-426B-9D23-7DE777ECD388", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBD66B12-AEF4-4AB6-BD19-860139A1318F", "versionEndIncluding": "1.6.18", "versionStartIncluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B9AFF67-3EE5-4C7A-8344-B5CEEA140B80", "versionEndExcluding": "2.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C8C556F-51B7-492B-B9DD-FFCF2C47AC8A", "versionEndExcluding": "1.3.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CD170C7-36AF-4316-8E69-8B8C2794DF76", "versionEndExcluding": "2.7.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF59DB1B-A958-42D3-BE68-71FA5CB32EF4", "versionEndExcluding": "3.6.2", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "C30CB38D-C799-4CA8-AB51-8A8A1DEEA1E9", "versionEndExcluding": "2.8.7", "versionStartIncluding": "2.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Puppet Enterprise 2.8 anterior a 2.8.7, Puppet anterior a 2.7.26 y 3.x anterior a 3.6.2, Facter 1.6.x y 2.x anterior a 2.0.2, Hiera anterior a 1.3.4, y Mcollective anterior a 2.5.2 o anteriores, permite a usuarios locales ganar privilegios ubicando un troyano en el directorio actual a trav\u00e9s de un troyano en un archivo, se demostr\u00f3 usando (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, o (6) safe_yaml/deep.so; o (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, o (10) osfamily.so en puppet/confine."}], "id": "CVE-2014-3248", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-16T17:59:03.113", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2014-3248"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description"], "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"}, {"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "http://secunia.com/advisories/59197"}, {"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "http://secunia.com/advisories/59200"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68035"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2014-3248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description"], "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "http://secunia.com/advisories/59197"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "http://secunia.com/advisories/59200"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68035"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Puppet Labs for reporting this issue. Upstream acknowledges Dennis Rowe (shr3kst3r) as the original reporter.", "bugzilla": {"description": "puppet: Ruby modules could be loaded from the current working directory", "id": "1101346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101346"}, "csaw": false, "cvss": {"cvss_base_score": "4.4", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-829", "details": ["Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."], "name": "CVE-2014-3248", "package_state": [{"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Not affected", "package_name": "puppet", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:3", "fix_state": "Will not fix", "package_name": "puppet", "product_name": "Red Hat OpenStack Platform 3"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Not affected", "package_name": "puppet", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "puppet", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Not affected", "package_name": "ruby193-puppet", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2014-06-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3248\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3248\nhttp://puppetlabs.com/security/cve/cve-2014-3248"], "statement": "This issue did not affect the versions of Puppet, Mcollective, Facter, or Hiera as shipped with various Red Hat Enterprise products as they all run on top of Ruby 1.9.3 or later.", "threat_severity": "Moderate"}