Information Disclosure

2018-02-1211:04:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

puppet is vulnerable to information disclosures. The application does not specify which environment a specific agent should be able to access, allowing an agent to retrieve sensitive facts from an unauthorized environment.

CPENameOperatorVersion
puppetle5.3.3
rubygem-kafo_wizardseq0.0.1__1.el7ui
rubygem-kafo_wizardseq0.0.1__1.el7sat
tfm-rubygem-extlibeq0.9.16__4.el7sat
tfm-rubygem-extlibeq0.9.16__3.el7sat
tfm-rubygem-trollopeq2.1.2__1.el7sat
tfm-rubygem-trollopeq2.0__5.el7sat
tfm-rubygem-parse-croneq0.1.4__2.fm1_15.el7sat
tfm-rubygem-parse-croneq0.1.4__2.el7sat
tfm-rubygem-will_paginateeq3.0.7__1.el7sat

Name	Operator	Version
puppet	le	5.3.3
rubygem-kafo_wizards	eq	0.0.1__1.el7ui
rubygem-kafo_wizards	eq	0.0.1__1.el7sat
tfm-rubygem-extlib	eq	0.9.16__4.el7sat
tfm-rubygem-extlib	eq	0.9.16__3.el7sat
tfm-rubygem-trollop	eq	2.1.2__1.el7sat
tfm-rubygem-trollop	eq	2.0__5.el7sat
tfm-rubygem-parse-cron	eq	0.1.4__2.fm1_15.el7sat
tfm-rubygem-parse-cron	eq	0.1.4__2.el7sat
tfm-rubygem-will_paginate	eq	3.0.7__1.el7sat