Lucene search
HistoryJan 16, 2015 - 4:59 p.m.
CVE-2015-1029
cve-2015-1029
puppetlabs
stdlib module
remote authentication
privilege escalation
sensitive information disclosure
fact cache
nvd
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
6.2 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
54.9%
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
Affected configurations
Node
puppetstdlibMatch2.1.0puppet
ORpuppetstdlibMatch2.1.1puppet
ORpuppetstdlibMatch2.1.2puppet
ORpuppetstdlibMatch2.1.3puppet
ORpuppetstdlibMatch2.2.0puppet
ORpuppetstdlibMatch2.2.1puppet
ORpuppetstdlibMatch2.3.0puppet
ORpuppetstdlibMatch2.3.1puppet
ORpuppetstdlibMatch2.3.2puppet
ORpuppetstdlibMatch2.3.3puppet
ORpuppetstdlibMatch2.4.0puppet
ORpuppetstdlibMatch2.5.0puppet
ORpuppetstdlibMatch3.0.0puppet
ORpuppetstdlibMatch4.1.0puppet
ORpuppetstdlibMatch4.2.0puppet
ORpuppetstdlibMatch4.2.1puppet
ORpuppetstdlibMatch4.2.2puppet
ORpuppetstdlibMatch4.3.0puppet
ORpuppetstdlibMatch4.3.1puppet
ORpuppetstdlibMatch4.3.2puppet
ORpuppetstdlibMatch4.4.0puppet
ORpuppetstdlibMatch4.5.0puppet
puppetpuppet_enterpriseRange≤2.8.8
Related
nvd
nvd
CVE-2015-1029
2015-01-16 16:59:22
debiancve
debiancve
CVE-2015-1029
2015-01-16 16:59:22
fedora
fedora
prion
prion
Design/Logic Flaw
2015-01-16 16:59:00
nessus
nessus
Fedora 21 : puppetlabs-stdlib-4.5.1-2.20150121git7a91f20.fc21 (2015-1708)
2015-02-16 00:00:00
Fedora 20 : puppetlabs-stdlib-4.5.1-2.20150121git7a91f20.fc20 (2015-1700)
2015-02-16 00:00:00
openvas
openvas
Fedora Update for puppetlabs-stdlib FEDORA-2015-1708
2015-02-15 00:00:00
Fedora Update for puppetlabs-stdlib FEDORA-2015-1700
2015-02-15 00:00:00
cvelist
cvelist
CVE-2015-1029
2015-01-16 16:00:00
ubuntucve
ubuntucve
CVE-2015-1029
2015-01-16 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
6.2 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
54.9%
Related for CVE-2015-1029