CVE-2011-3871: Puppet uses predictable filenames, allowing arbitrary file overwrite
6.2
CVSS Score
Basic Information
CVE ID
GHSA ID
EPSS Score
0.1228%
CWE
Published
5/14/2022
Updated
1/19/2024
KEV Status
No
Technology
Ruby
Technical Details
CVSS Vector
AV:L/AC:H/Au:N/C:C/I:C/A:C
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
puppet | rubygems | < 2.6.11 | 2.6.11 |
puppet | rubygems | >= 2.7.0, < 2.7.5 | 2.7.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The GitHub patch shows the vulnerable code was replaced in lib/puppet/application/resource.rb
, where the temporary file creation logic resided. The original code used a static /tmp
path with the process ID (predictable), while the patched version switched to Tempfile.new
with a secure random name. The CVE description explicitly ties the vulnerability to the --edit
mode's predictable filename, which matches the code changes observed in the commit diff. No other functions are implicated in the advisory or patch details.