Описание
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
Ссылки
- Vendor Advisory
- ExploitPatch
- Vendor Advisory
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1Версия до 2.7.17 (включая)
Одно из
cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.5.1 (включая)
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.0005
Низкий
2.1 Low
CVSS2
Дефекты
CWE-264
Связанные уязвимости
ubuntu
больше 13 лет назад
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
debian
больше 13 лет назад
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enter ...
github
больше 8 лет назад
Puppet allows local users to obtain sensitive configuration information
EPSS
Процентиль: 16%
0.0005
Низкий
2.1 Low
CVSS2
Дефекты
CWE-264