Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1029

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2015-1029
Last Modified 21 Jan 2015 11:14:56
Published 16 Jan 2015 11:59:22
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2015-1029

Summary

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.

Vulnerable Systems

Application

  • Puppetlabs Stdlib 2.1.0

  • Puppetlabs Stdlib 2.1.1

  • Puppetlabs Stdlib 2.1.2

  • Puppetlabs Stdlib 2.1.3

  • Puppetlabs Stdlib 2.2.0

  • Puppetlabs Stdlib 2.2.1

  • Puppetlabs Stdlib 2.3.0

  • Puppetlabs Stdlib 2.3.1

  • Puppetlabs Stdlib 2.3.2

  • Puppetlabs Stdlib 2.3.3

  • Puppetlabs Stdlib 2.4.0

  • Puppetlabs Stdlib 2.5.0

  • Puppetlabs Stdlib 3.0.0

  • Puppetlabs Stdlib 4.1.0

  • Puppetlabs Stdlib 4.2.0

  • Puppetlabs Stdlib 4.2.1

  • Puppetlabs Stdlib 4.2.2

  • Puppetlabs Stdlib 4.3.0

  • Puppetlabs Stdlib 4.3.1

  • Puppetlabs Stdlib 4.3.2

  • Puppetlabs Stdlib 4.4.0

  • Puppetlabs Stdlib 4.5.0


References

SECUNIA - 62328

CONFIRM - http://puppetlabs.com/security/cve/cve-2015-1029


Last Updated: 27 May 2016 10:38:13