ID OPENVAS:1361412562310113100 Type openvas Reporter Copyright (C) 2018 Greenbone Networks GmbH Modified 2020-04-02T00:00:00
Description
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 are prone to multiple vulnerabilities.
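This NVT duplicates the existing NVT 'Puppet Enterprise < 2016.4.5 / < 2017.2.1 Multiple Vulnerabilities' (OID: 1.3.6.1.4.1.25623.1.0.106929) and is therefore marked as deprecated.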
###############################################################################
# OpenVAS Vulnerability Test
#
# Puppet Enterprise < 2016.4.4 / 2017 < 2017.2.1 Multiple Vulnerabilities
#
# Authors:
# Jan Philipp Schulte <jan.schulte@greenbone.net>
#
# Copyright:
# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata registration for a deprecated NVT. This branch runs only when
# `description` is true: it registers the plugin's metadata and leaves via
# exit(0). The script contains no detection logic at all (see the end).
if( description )
{
script_oid("1.3.6.1.4.1.25623.1.0.113100");
script_version("2020-04-02T11:36:28+0000");
script_tag(name:"last_modification", value:"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)");
script_tag(name:"creation_date", value:"2018-02-02 11:11:11 +0100 (Fri, 02 Feb 2018)");
# CVSS v2 base score and vector (v2 metric names: AV/AC/Au/C/I/A).
# NOTE(review): these equal the CVSSv2 values NVD lists for CVE-2017-2297;
# NVD rates CVE-2017-2293 lower (5.5, AV:N/AC:L/Au:S/C:N/I:P/A:P), so the NVT
# presumably carries the higher of the two - confirm this is intended.
script_tag(name:"cvss_base", value:"6.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
# Quality-of-detection class: a result would rest on a version string read
# from a remote banner, which this class treats as unreliable. A version
# string does not show backported fixes, so confirm the installed patch level
# before acting on a report of this type.
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_cve_id("CVE-2017-2297", "CVE-2017-2293");
# NOTE(review): the name says "< 2016.4.4", but the summary says "prior to
# 2016.4.5" and the affected tag says "through 2016.4.4". The lower bound in
# the name looks one patch release too low. Left unchanged here because the
# string is runtime metadata.
script_name("Puppet Enterprise < 2016.4.4 / 2017 < 2017.2.1 Multiple Vulnerabilities");
# Registered in the information-gathering category; nothing in this script
# sends a probe to the target.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
script_family("Web application abuses");
# The summary names the NVT that supersedes this one (OID ...106929).
script_tag(name:"summary", value:"Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 are prone to multiple vulnerabilities.
This NVT has duplicated the existing NVT 'Puppet Enterprise < 2016.4.5 / < 2017.2.1 Multiple Vulnerabilities' (OID: 1.3.6.1.4.1.25623.1.0.106929).");
script_tag(name:"vuldetect", value:"The script checks if a vulnerable version is present on the target host.");
# One sentence per CVE from script_cve_id: the MCollective package-plugin
# default configuration (CVE-2017-2293) and the labeled RBAC token
# authentication flaw (CVE-2017-2297). Per the NVD description of
# CVE-2017-2297, only users with labeled tokens are affected, which is not the
# default for tokens.
# NOTE(review): the second sentence is missing its closing period.
script_tag(name:"insight", value:"The affected versions shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents.
The affected versions did not correctly authenticate users before returning labeled RBAC access tokens");
script_tag(name:"affected", value:"Puppet Enterprise through 2016.4.4 or 2017.2.0");
script_tag(name:"solution", value:"Update to version 2016.4.5 or 2017.2.1 respectively.");
script_xref(name:"URL", value:"https://puppet.com/security/cve/cve-2017-2293");
script_xref(name:"URL", value:"https://puppet.com/security/cve/cve-2017-2297");
# Flags the NVT as deprecated; the summary tag gives the reason (it duplicates
# OID 1.3.6.1.4.1.25623.1.0.106929).
script_tag(name:"deprecated", value:TRUE);
exit(0);
}
# Outside the description branch the script exits at once with code 66 and
# never reports a finding. It declares no includes, dependencies or mandatory
# keys. A scan that enables only this OID therefore gives no coverage for
# CVE-2017-2293 / CVE-2017-2297; coverage has to come from the NVT named in
# the summary.
# NOTE(review): 66 appears to be the feed's conventional exit code for
# deprecated NVTs - confirm.
exit(66);
{"id": "OPENVAS:1361412562310113100", "type": "openvas", "bulletinFamily": "scanner", "title": "Puppet Enterprise < 2016.4.4 / 2017 < 2017.2.1 Multiple Vulnerabilities", "description": "Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 are prone to multiple vulnerabilities.\n\n This NVT has duplicated the existing NVT ", "published": "2018-02-02T00:00:00", "modified": "2020-04-02T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113100", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://puppet.com/security/cve/cve-2017-2297", "https://puppet.com/security/cve/cve-2017-2293"], "cvelist": ["CVE-2017-2293", "CVE-2017-2297"], "lastseen": "2020-04-07T16:39:05", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-2293", "CVE-2017-2297"]}, {"type": "nessus", "idList": ["PUPPET_ENTERPRISE_2016_4_5.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106929"]}], "modified": "2020-04-07T16:39:05", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2020-04-07T16:39:05", "rev": 2}, "vulnersScore": 6.2}, "pluginID": "1361412562310113100", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Puppet Enterprise < 2016.4.4 / 2017 < 2017.2.1 Multiple Vulnerabilities\n#\n# Authors:\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113100\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 11:11:11 +0100 (Fri, 02 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2017-2297\", \"CVE-2017-2293\");\n\n script_name(\"Puppet Enterprise < 2016.4.4 / 2017 < 2017.2.1 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n\n script_tag(name:\"summary\", value:\"Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 are prone to multiple vulnerabilities.\n\n This NVT has duplicated the existing NVT 'Puppet Enterprise < 2016.4.5 / < 2017.2.1 Multiple Vulnerabilities' (OID: 1.3.6.1.4.1.25623.1.0.106929).\");\n\n script_tag(name:\"vuldetect\", value:\"The script checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The affected versions shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents.\n\n The affected versions did not correctly authenticate users before returning labeled RBAC access 
tokens\");\n\n script_tag(name:\"affected\", value:\"Puppet Enterprise through 2016.4.4 or 2017.2.0\");\n\n script_tag(name:\"solution\", value:\"Update to version 2016.4.5 or 2017.2.1 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2293\");\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2297\");\n\n script_tag(name:\"deprecated\", value:TRUE);\n\n exit(0);\n}\n\nexit(66);\n", "naslFamily": "Web application abuses"}
{"cve": [{"lastseen": "2021-02-02T06:36:43", "description": "Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.", "edition": 8, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-02-01T22:29:00", "title": "CVE-2017-2293", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2293"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:puppet:puppet:2017.1.0", "cpe:/a:puppet:puppet:2017.1.1", "cpe:/a:puppet:puppet:2016.5.1", "cpe:/a:puppet:puppet:2016.5.2"], "id": "CVE-2017-2293", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2293", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:puppet:puppet:2016.5.2:*:*:*:enterprise:*:*:*", "cpe:2.3:a:puppet:puppet:2017.1.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:puppet:puppet:2017.1.1:*:*:*:enterprise:*:*:*", 
"cpe:2.3:a:puppet:puppet:2016.5.1:*:*:*:enterprise:*:*:*"]}, {"lastseen": "2021-02-02T06:36:43", "description": "Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.", "edition": 8, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-01T22:29:00", "title": "CVE-2017-2297", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2297"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:puppet:puppet:2017.1.0", "cpe:/a:puppet:puppet:2017.1.1", "cpe:/a:puppet:puppet:2016.5.1", "cpe:/a:puppet:puppet:2016.5.2"], "id": "CVE-2017-2297", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2297", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:puppet:puppet:2016.5.2:*:*:*:enterprise:*:*:*", "cpe:2.3:a:puppet:puppet:2017.1.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:puppet:puppet:2017.1.1:*:*:*:enterprise:*:*:*", 
"cpe:2.3:a:puppet:puppet:2016.5.1:*:*:*:enterprise:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295", "CVE-2017-2294", "CVE-2017-2292", "CVE-2017-2293", "CVE-2017-2297"], "description": "Puppet Enterprise is prone to multiple vulnerabilities.", "modified": "2018-10-26T00:00:00", "published": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310106929", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106929", "type": "openvas", "title": "Puppet Enterprise < 2016.4.5 / < 2017.2.1 Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_puppet_enterprise_mult_vuln.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Puppet Enterprise < 2016.4.5 / < 2017.2.1 Multiple Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:puppet:enterprise\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106929\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-06 15:23:17 +0700 (Thu, 06 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-2292\", \"CVE-2017-2293\", \"CVE-2017-2294\", \"CVE-2017-2295\", \"CVE-2017-2297\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Puppet Enterprise < 2016.4.5 / < 2017.2.1 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_puppet_enterprise_detect.nasl\");\n script_mandatory_keys(\"puppet_enterprise/installed\");\n\n script_tag(name:\"summary\", value:\"Puppet Enterprise is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Puppet Enterprise is prone to multiple vulnerabilities:\n\n - MCollective Remote Code Execution Via YAML Deserialization (CVE-2017-2292)\n\n - MCollective Server Allows Installing Arbitrary Packages On Agents (CVE-2017-2293)\n\n - MCollective Private Keys Visible In PuppetDB (CVE-2017-2294)\n\n - Puppet Server 
Remote Code Execution Via YAML Deserialization (CVE-2017-2295)\n\n - Incorrect Credential Management with RBAC Tokens (CVE-2017-2297)\");\n\n script_tag(name:\"affected\", value:\"Puppet Enterprise prior to 2016.4.5, 2016.5.x, 2017.1.x.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2016.4.5, 2017.2.1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2292\");\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2293\");\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2294\");\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2295\");\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2297\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less(version: version, test_version: \"2016.4.5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2016.4.5\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version:\"2016.5.0\", test_version2: \"2017.2.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2017.2.1\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-02-01T05:20:34", "description": "According to its self-reported version number, the Puppet install on\nthe remote host is affected by multiple vulnerabilities :\n\n - A remote command execution vulnerability exists in the MCollective plugin\n due to unsafe YAML deserialization. An unauthenticated, remote attacker \n can exploit this to bypass authentication and execute arbitrary commands. 
\n (CVE-2017-2292, CVE-2017-2295)\n\n - An arbitrary package install vulnerability exists in the MCollective plugin\n due to unsafe default configuration. An unauthenticated, remote attacker \n can exploit this to install or remove packages on all managed agents.\n (CVE-2017-2293)\n\n - An information disclosure vulnerability exists in the MCollective plugin\n due to unsafe storage of server private keys. An unauthenticated, remote attacker \n can exploit this to view sensitive private keys.\n (CVE-2017-2294)\n \n - An authentication bypass vulnerability exists in labled RBAC access tokens. \n An unauthenticated, attacker can exploit this, to bypass authentication \n and execute arbitrary actions of users configured to use labeled RBAC\n access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 \n and 2017.2.1. This only affects users with labeled tokens, which is \n not the default for tokens. (CVE-2017-2297)", "edition": 17, "cvss3": {"score": 9.0, "vector": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"}, "published": "2019-10-09T00:00:00", "title": "Puppet Enterprise < 2016.4.5 / 2016.5.x / 2017.1.x Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295", "CVE-2017-2294", "CVE-2017-2292", "CVE-2017-2293", "CVE-2017-2297"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:puppetlabs:puppet"], "id": "PUPPET_ENTERPRISE_2016_4_5.NASL", "href": "https://www.tenable.com/plugins/nessus/129755", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129755);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/17 14:31:04\");\n\n script_cve_id(\n \"CVE-2017-2292\",\n \"CVE-2017-2293\",\n \"CVE-2017-2294\",\n \"CVE-2017-2295\",\n \"CVE-2017-2297\"\n );\n script_bugtraq_id(98582);\n\n script_name(english:\"Puppet Enterprise < 2016.4.5 / 2016.5.x / 2017.1.x Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Puppet Enterprise 
version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Puppet install on\nthe remote host is affected by multiple vulnerabilities :\n\n - A remote command execution vulnerability exists in the MCollective plugin\n due to unsafe YAML deserialization. An unauthenticated, remote attacker \n can exploit this to bypass authentication and execute arbitrary commands. \n (CVE-2017-2292, CVE-2017-2295)\n\n - An arbitrary package install vulnerability exists in the MCollective plugin\n due to unsafe default configuration. An unauthenticated, remote attacker \n can exploit this to install or remove packages on all managed agents.\n (CVE-2017-2293)\n\n - An information disclosure vulnerability exists in the MCollective plugin\n due to unsafe storage of server private keys. An unauthenticated, remote attacker \n can exploit this to view sensitive private keys.\n (CVE-2017-2294)\n \n - An authentication bypass vulnerability exists in labled RBAC access tokens. \n An unauthenticated, attacker can exploit this, to bypass authentication \n and execute arbitrary actions of users configured to use labeled RBAC\n access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 \n and 2017.2.1. This only affects users with labeled tokens, which is \n not the default for tokens. 
(CVE-2017-2297)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2017-2292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2017-2293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2017-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2017-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2017-2297\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Puppet Enterprise version 2016.4.5 / 2017.2.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-2292\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:puppetlabs:puppet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"puppet_enterprise_console_detect.nasl\", \"puppet_rest_detect.nasl\");\n script_require_keys(\"puppet/rest_port\", \"installed_sw/puppet_enterprise_console\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\napp = 'Puppet REST API'; # we get both enterprise and open-source versions from the api...\n\n# Make sure we detected a version \nport = get_kb_item_or_exit('puppet/rest_port');\nver = get_kb_item_or_exit('puppet/' + port + '/version');\n\n# Make sure the Console service is running\nget_kb_item_or_exit('installed_sw/puppet_enterprise_console');\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE, kb_ver: 'puppet/' + port + '/version');\n\n# version info obtained from https://puppet.com/docs/pe/2018.1/component_versions_in_recent_pe_releases.html\nconstraints = [\n {\"min_version\" : \"4.0.0\", \"fixed_version\" : \"4.10.1\", \"fixed_display\" : \"Puppet Enterprise (2016.4.5 / 2017.2.1)\"}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}