Lucene search

K
osvGoogleOSV:GHSA-PQJ5-7R86-64FV
HistoryMay 13, 2022 - 1:06 a.m.

Puppet Improper Access Control

2022-05-1301:06:16
Google
osv.dev
5
puppet
server
ruby
puppetmaster
access control
remote attackers
bypass
url decoding

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

79.0%

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

79.0%