CVE-2015-1029 - OpenCVE

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Puppet	Puppet Enterprise Stdlib

Configuration 1 [-]

AND

OR	cpe:2.3:a:puppet:stdlib:2.1.0:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.1.1:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.1.2:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.1.3:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.2.0:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.2.1:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.3.0:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.3.1:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.3.2:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.3.3:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.4.0:::::puppet::
	cpe:2.3:a:puppet:stdlib:2.5.0:::::puppet::
	cpe:2.3:a:puppet:stdlib:3.0.0:::::puppet::
	cpe:2.3:a:puppet:stdlib:4.1.0:::::puppet::
	cpe:2.3:a:puppet:stdlib:4.2.0:::::puppet::
	cpe:2.3:a:puppet:stdlib:4.2.1:::::puppet::
	cpe:2.3:a:puppet:stdlib:4.2.2:::::puppet::
	cpe:2.3:a:puppet:stdlib:4.3.0:::::puppet::
	cpe:2.3:a:puppet:stdlib:4.3.1:::::puppet::
	cpe:2.3:a:puppet:stdlib:4.3.2:::::puppet::
	cpe:2.3:a:puppet:stdlib:4.4.0:::::puppet::
	cpe:2.3:a:puppet:stdlib:4.5.0:::::puppet::

cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://puppetlabs.com/security/cve/cve-2015-1029
http://secunia.com/advisories/62328

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-01-16T16:00:00

Updated: 2024-08-06T04:33:19.249Z

Reserved: 2015-01-10T00:00:00

Link: CVE-2015-1029

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-01-16T16:59:22.093

Modified: 2019-07-11T13:44:52.067

Link: CVE-2015-1029

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-01-16T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://puppetlabs.com/security/cve/cve-2015-1029"}, {"name": "62328", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62328"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1029", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://puppetlabs.com/security/cve/cve-2015-1029", "refsource": "CONFIRM", "url": "http://puppetlabs.com/security/cve/cve-2015-1029"}, {"name": "62328", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62328"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:33:19.249Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://puppetlabs.com/security/cve/cve-2015-1029"}, {"name": "62328", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62328"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1029", "datePublished": "2015-01-16T16:00:00", "dateReserved": "2015-01-10T00:00:00", "dateUpdated": "2024-08-06T04:33:19.249Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:stdlib:2.1.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "A800F031-8664-421D-ABF0-ABEE770683B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.1.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "2B56C8B2-84DA-4A82-8280-D67A04FCA66B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.1.2:*:*:*:*:puppet:*:*", "matchCriteriaId": "F0B3F1C8-6380-4B51-92E5-BFA87B0BEEA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.1.3:*:*:*:*:puppet:*:*", "matchCriteriaId": "68547D26-77FD-4365-A032-FD2FCCFE492B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.2.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "6E878BAF-A709-40AC-9657-6DA9A5193042", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.2.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "AC768DD7-93A6-4F85-BB99-133D0F61C52E", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.3.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "CCBCFD76-1252-4921-87E1-91AA3EB4CADF", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.3.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "BA327AED-696D-46F3-8C46-3622ADC6486B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.3.2:*:*:*:*:puppet:*:*", "matchCriteriaId": "2D626E51-252B-4CB2-8EA4-C2965605E9B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.3.3:*:*:*:*:puppet:*:*", "matchCriteriaId": "3EBEB51F-E8C5-4064-8B3F-A628BE6D7B79", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.4.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "B1020452-140D-4C2A-A526-D5510D6602D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:2.5.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "847ADAB6-06EA-442D-B8C0-039016990F24", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:3.0.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "3A7F320F-6EE4-454A-9972-7F411291858B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:4.1.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "E9D3AC9E-1E8F-4A49-9213-87E15D828284", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:4.2.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "DDCEAA7C-65FC-48DE-9477-585F3B6DF0BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:4.2.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "3A2E8B56-F3F1-4A70-8D40-64481859EB37", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:4.2.2:*:*:*:*:puppet:*:*", "matchCriteriaId": "89F003DF-67B3-47A0-A590-CE7AF02FDFA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:4.3.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "0D676850-BE22-4BF0-B41A-9A9DA1F67D38", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:4.3.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "43E559F4-FAD2-4AB4-9469-8FB2AB6DB4F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:4.3.2:*:*:*:*:puppet:*:*", "matchCriteriaId": "BBC33295-8118-487C-B02A-A2176B22C74C", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:4.4.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "8DB0C81C-F17E-4A1D-AD69-211A12BFEDE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:stdlib:4.5.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "1F5DCE6D-1B56-4011-A8B5-BB6AF42CBFAF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE7B8763-117E-4E38-BD46-EE9B23A9B794", "versionEndIncluding": "2.8.8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache."}, {"lang": "es", "value": "El m\u00f3dulo puppetlabs-stdlib 2.1 hasta 3.0 y 4.1.0 hasta 4.5.x anterior a 4.5.1 para Puppet 2.8.8 y anteriores permite a usuarios remotos autenticados ganar privilegios o obtener informaci\u00f3n sensible mediante la prepoblaci\u00f3n del cach\u00e9 de hechos."}], "id": "CVE-2015-1029", "lastModified": "2019-07-11T13:44:52.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-16T16:59:22.093", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2015-1029"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/62328"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}