2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.1%
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet
Enterprise before 2.5.2, supports use of IP addresses in certnames without
warning of potential risks, which might allow remote attackers to spoof an
agent by acquiring a previously used IP address.
Author | Note |
---|---|
mdeslaur | This would break existing installations. This will be fixed in upstream 3.0. For 2.7, USN-1506-1 added a deprecation warning. Since this change would break existing installations, we will not fix this in Ubuntu. |