Описание
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.1 (включая)
Одно из
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00223
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
debian
почти 12 лет назад
The master external node classification script in Puppet Enterprise be ...
github
больше 3 лет назад
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.
EPSS
Процентиль: 45%
0.00223
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-287