Puppet Symlink File Overwrite
Low Nessus Plugin ID 72151
SynopsisA web application on the remote host is potentially affected by a file overwrite vulnerability.
DescriptionAccording to its self-reported version number, the Puppet install on the remote host is potentially affected by an error related to temporary files and their use. A local attacker could potentially use a symlink attack to overwrite arbitrary files.
SolutionUpgrade to Puppet 3.3.3 / 3.4.1 or Puppet Enterprise 2.8.4 / 3.1.1 or later.