Main Vulnerability Database Vulnerabilities #VU42027

Permissions, Privileges, and Access Controls in Puppet Agent - CVE-2011-0528

Published: February 17, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU42027

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2011-0528

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Puppet Labs

Affected software:
Puppet Agent

Detailed vulnerability description

The vulnerability allows a remote #AU# to read and manipulate data.

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

How to mitigate CVE-2011-0528

Install update from vendor's website.

Sources

http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
http://www.openwall.com/lists/oss-security/2011/01/27/6
http://www.openwall.com/lists/oss-security/2011/01/31/5
http://www.ubuntu.com/usn/USN-1365-1

Permissions, Privileges, and Access Controls in Puppet Agent - CVE-2011-0528

Detailed vulnerability description

How to mitigate CVE-2011-0528

Sources

Please verify you're human