Lucene search
K

25 matches found

RubySec
RubySec
added 2015/02/10 12:0 a.m.20 views

Puppet Labs Facter allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

2.1CVSS6.6AI score0.00353EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2013/07/05 12:0 a.m.41 views

puppet -- multiple vulnerabilities

Puppet Labs reports: By using the resourcetype service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node's file system. While this behavior is not enabled by default, auth.conf settings could be modified to allow it. The exploit requires local file system...

5.1CVSS6.4AI score0.01643EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/06/24 12:0 a.m.11 views

Puppet Labs Puppet Enterprise Server Detection

Binary data 6881.prm...

7.3AI score
Exploits0
Prion
Prion
added 2013/04/10 3:55 p.m.19 views

Code injection

Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file casclientconfig.yml when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie...

5CVSS7AI score0.01318EPSS
Exploits0References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2013/04/01 12:0 a.m.41 views

Fedora 17 : puppet-2.7.21-2.fc17 (2013-4187)

Updates for the security announcements from Puppet Labs on 12-Mar-2013. https://groups.google.com/group/puppet-announce/t/9200f268f8479e2c This update also provides backported fixes for a number of issues with ruby-1.9. Note that Tenable Network Security has extracted the preceding description...

9CVSS7.2AI score0.05375EPSS
Exploits0References14
Rows per page
Query Builder