CVE-2011-0528

Published Feb 17, 2014

Last updated 5 years ago

Overview

Description: Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 4.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BEF50EE-4E4B-4641-BA34-B5024F1EF683"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CC72248-FD33-4CA0-A16E-0A174A864257"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CEFB16E-261F-4B81-BCBE-536CAD2EC44B"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "652D28FC-7133-4C5F-95D9-3468548465B5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References