CVE-2011-0528: Puppet does not properly restrict access to node resources
(updated )
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
References
- www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
- www.openwall.com/lists/oss-security/2011/01/27/6
- www.openwall.com/lists/oss-security/2011/01/31/5
- www.ubuntu.com/usn/USN-1365-1
- github.com/advisories/GHSA-9pvx-fwwh-w289
- github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
- nvd.nist.gov/vuln/detail/CVE-2011-0528
Detect and mitigate CVE-2011-0528 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →