Lucene search

K

GoogleOSV:GHSA-VXF6-W9MP-95HM

HistoryOct 24, 2017 - 6:33 p.m.

Puppet supports use of IP addresses in certnames without warning of potential risks

2017-10-2418:33:38

Google

osv.dev

11

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.9%

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.

CPENameOperatorVersion
puppeteq0.18.4
puppeteq0.13.1
puppeteq0.16.0
puppeteq2.7.16
puppeteq0.25.4
puppeteq2.6.1
puppeteq2.6.13
puppeteq2.6.2
puppeteq2.6.6
puppeteq0.24.2

Rows per page:

1-10 of 591

References

puppetlabs.com/security/cve/cve-2012-3408

bugzilla.redhat.com/show_bug.cgi?id=839166

github.com/puppetlabs/puppet

github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd

github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml

nvd.nist.gov/vuln/detail/CVE-2012-3408

www.puppet.com/security/cve/cve-2012-3408-agent-impersonation

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.9%

Related for OSV:GHSA-VXF6-W9MP-95HM

cve1 prion1 ubuntucve1 debiancve1 github1 openvas2 fedora1 nessus1