OpenCVE

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Puppet	Puppet

Configuration 1 [-]

OR	cpe:2.3:a:puppet:puppet:2.6.0:::::::*
	cpe:2.3:a:puppet:puppet:2.6.1:::::::*
	cpe:2.3:a:puppet:puppet:2.6.2:::::::*
	cpe:2.3:a:puppet:puppet:2.6.3:::::::*

No data.

References

Link	Providers
http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
http://www.openwall.com/lists/oss-security/2011/01/27/6
http://www.openwall.com/lists/oss-security/2011/01/31/5
http://www.ubuntu.com/usn/USN-1365-1

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-02-17T16:00:00

Updated: 2024-08-06T21:58:24.966Z

Reserved: 2011-01-20T00:00:00

Link: CVE-2011-0528

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-02-17T16:55:04.787

Modified: 2019-07-10T14:13:09.043

Link: CVE-2011-0528

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-17T15:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-1365-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1365-1"}, {"name": "[oss-security] 20110127 CVE request: puppet", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/27/6"}, {"name": "[puppet-users] 20101201 SECURITY: Authorization vulnerability in Puppet 2.6.x", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html"}, {"name": "[oss-security] 20110127 Re: CVE request: puppet", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/5"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:58:24.966Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1365-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1365-1"}, {"name": "[oss-security] 20110127 CVE request: puppet", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/01/27/6"}, {"name": "[puppet-users] 20101201 SECURITY: Authorization vulnerability in Puppet 2.6.x", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html"}, {"name": "[oss-security] 20110127 Re: CVE request: puppet", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/5"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0528", "datePublished": "2014-02-17T16:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:24.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BEF50EE-4E4B-4641-BA34-B5024F1EF683", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CC72248-FD33-4CA0-A16E-0A174A864257", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CEFB16E-261F-4B81-BCBE-536CAD2EC44B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "652D28FC-7133-4C5F-95D9-3468548465B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors."}, {"lang": "es", "value": "Puppet 2.6.0 hasta 2.6.3 no restringe debidamente el acceso a los recursos de nodo, lo que permite a nodos Puppet remotos autenticados leer o modificar los recursos de otros nodos a trav\u00e9s de vectores no especificados."}], "id": "CVE-2011-0528", "lastModified": "2019-07-10T14:13:09.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-17T16:55:04.787", "references": [{"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/27/6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/31/5"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1365-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}