CVE-2011-0528 - Vulnerability Details - OpenCVE

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00265.

Key SSVC decision points have not yet been added.

Vendors	Products
Puppet Subscribe	Puppet Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:puppet:puppet:2.6.0:::::::*
	cpe:2.3:a:puppet:puppet:2.6.1:::::::*
	cpe:2.3:a:puppet:puppet:2.6.2:::::::*
	cpe:2.3:a:puppet:puppet:2.6.3:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-3428	Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Github GHSA	GHSA-9pvx-fwwh-w289	Puppet does not properly restrict access to node resources
Ubuntu USN	USN-1365-1	Puppet vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
http://www.openwall.com/lists/oss-security/2011/01/27/6
http://www.openwall.com/lists/oss-security/2011/01/31/5
http://www.ubuntu.com/usn/USN-1365-1

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-02-17T16:00:00

Updated: 2024-08-06T21:58:24.966Z

Reserved: 2011-01-20T00:00:00

Link: CVE-2011-0528

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-02-17T16:55:04.787

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-0528

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-17T15:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-1365-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1365-1"}, {"name": "[oss-security] 20110127 CVE request: puppet", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/27/6"}, {"name": "[puppet-users] 20101201 SECURITY: Authorization vulnerability in Puppet 2.6.x", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html"}, {"name": "[oss-security] 20110127 Re: CVE request: puppet", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/5"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:58:24.966Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1365-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1365-1"}, {"name": "[oss-security] 20110127 CVE request: puppet", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/01/27/6"}, {"name": "[puppet-users] 20101201 SECURITY: Authorization vulnerability in Puppet 2.6.x", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html"}, {"name": "[oss-security] 20110127 Re: CVE request: puppet", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/5"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0528", "datePublished": "2014-02-17T16:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:24.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BEF50EE-4E4B-4641-BA34-B5024F1EF683", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CC72248-FD33-4CA0-A16E-0A174A864257", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CEFB16E-261F-4B81-BCBE-536CAD2EC44B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "652D28FC-7133-4C5F-95D9-3468548465B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors."}, {"lang": "es", "value": "Puppet 2.6.0 hasta 2.6.3 no restringe debidamente el acceso a los recursos de nodo, lo que permite a nodos Puppet remotos autenticados leer o modificar los recursos de otros nodos a trav\u00e9s de vectores no especificados."}], "id": "CVE-2011-0528", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-17T16:55:04.787", "references": [{"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/27/6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/31/5"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1365-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/01/27/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/01/31/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1365-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}