CNNVD-202506-3288 Information

Jun 26, 2025 cve

CNNVD ID

CNNVD-202506-3288

CVE-2025-5459

  • CNNVD Published: 2025-06-26

Description (Chinese)

Puppet Enterprise Administration Module(PEADM)是Puppet开源的一个定义 Bolt 计划的 Puppet 模块。用于自动化 Puppet Enterprise 部署。 Puppet Enterprise Administration Module 2018.1.8至2023.8.3版本和2025.3版本存在安全漏洞,该漏洞源于特定节点组编辑权限可能导致root命令执行。

Description (English)

Puppet Enterprise Development Modeule (PEADM) is the Puppet module for a definition of the Bolt Scheme. To automate Puppet Enterprise deployment. There is a security gap between the versions of Puppet Enterprise Administration 2018.1.8 to 2023.8.3 and the versions of 2025.3, which stems from the fact that the editorial powers of a given node group may lead to the execution of the root command.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Puppet

Published

2025-06-26

Last Modified

2026-02-24

References

https://portal.perforce.com/s/detail/a91PA000001SiDdYAK https://vigilance.fr/vulnerability/Puppet-Enterprise-code-execution-via-Node-Group-Editing-Permissions-47545

Patch

https://www.puppet.com/products/puppet-enterprise

Share on: