Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0528

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2011-0528
Last Modified 21 Feb 2014 09:14:10
Published 17 Feb 2014 11:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-0528

Summary

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

Vulnerable Systems

Application

  • Puppetlabs Puppet 2.6.0

  • Puppetlabs Puppet 2.6.1

  • Puppetlabs Puppet 2.6.2

  • Puppetlabs Puppet 2.6.3


References

UBUNTU - USN-1365-1

MLIST - [oss-security] 20110127 Re: CVE request: puppet

MLIST - [oss-security] 20110127 CVE request: puppet

MLIST - [puppet-users] 20101201 SECURITY: Authorization vulnerability in Puppet 2.6.x


Last Updated: 27 May 2016 11:04:28