CVE-2011-0528

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
http://www.openwall.com/lists/oss-security/2011/01/31/5
http://www.openwall.com/lists/oss-security/2011/01/27/6
http://www.ubuntu.com/usn/USN-1365-1

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:puppet:puppet:2.6.3:::::::*
	cpe:2.3:a:puppet:puppet:2.6.0:::::::*
	cpe:2.3:a:puppet:puppet:2.6.1:::::::*
	cpe:2.3:a:puppet:puppet:2.6.2:::::::*

Information

Published : 2014-02-17 08:55

Updated : 2019-07-10 07:13

NVD link : CVE-2011-0528

Mitre link : CVE-2011-0528

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

puppet

puppet

5.5 /10