CVE-2011-0528 – puppet

Package

Manager: gem
Name: puppet
Vulnerable Version: >=2.6.0 <2.6.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00265 pctl0.4978

Details

Puppet does not properly restrict access to node resources Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

Metadata

Created: 2022-05-14T00:56:55Z
Modified: 2024-01-16T21:20:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9pvx-fwwh-w289/GHSA-9pvx-fwwh-w289.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-9pvx-fwwh-w289
Finding: F039
Auto approve: 1