CVE-2011-0528
Puppet 2.6.0-2.6.3 - Authenticated Node Resource Access Control Bypass
Title source: llmDescription
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1365-1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/01/27/6
Mailing List mailing-list
x_refsource_mlist
http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/01/31/5
Scores
EPSS
0.0027
EPSS Percentile
50.0%
Details
CWE
CWE-264
Status
published
Products (5)
puppet/puppet
2.6.0
puppet/puppet
2.6.1
puppet/puppet
2.6.2
puppet/puppet
2.6.3
rubygems/puppet
2.6.0 - 2.6.4RubyGems
Published
Feb 17, 2014
Tracked Since
Feb 18, 2026