Main Vulnerability Database SB2014021701

SB2014021701 - Permissions, Privileges, and Access Controls in Puppet

Published: February 17, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014021701

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-0528)

The vulnerability allows a remote #AU# to read and manipulate data.

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

Remediation

Install update from vendor's website.

References

http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
http://www.openwall.com/lists/oss-security/2011/01/27/6
http://www.openwall.com/lists/oss-security/2011/01/31/5
http://www.ubuntu.com/usn/USN-1365-1