GHSA-9pvx-fwwh-w289

Source
https://github.com/advisories/GHSA-9pvx-fwwh-w289
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9pvx-fwwh-w289/GHSA-9pvx-fwwh-w289.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9pvx-fwwh-w289
Aliases
Published
2022-05-14T00:56:55Z
Modified
2024-12-02T05:37:56.401336Z
Summary
Puppet does not properly restrict access to node resources
Details

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

Database specific
{
    "nvd_published_at": "2014-02-17T16:55:00Z",
    "cwe_ids": [
        "CWE-284"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-16T21:20:45Z"
}
References

Affected packages

RubyGems / puppet

Package

Name
puppet
Purl
pkg:gem/puppet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.0
Fixed
2.6.4

Affected versions

2.*

2.6.0
2.6.1
2.6.2
2.6.3

Database specific

{
    "last_known_affected_version_range": "<= 2.6.3"
}