Description
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Statement
This issue did not affect the versions of Puppet as shipped with various Red Hat products as they did not include support for Puppet 3.x (using Passenger 4.x).
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenStack Foreman | puppet | Will not fix | ||
| Red Hat Ceph Storage 1.3 | puppet | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | puppet | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | puppet | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | puppet | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | puppet | Will not fix | ||
| Red Hat OpenStack Platform 8 (Liberty) | puppet | Will not fix | ||
| Red Hat Satellite 6 | puppet | Not affected | ||
| Red Hat Subscription Asset Manager | puppet | Not affected | ||
Additional information
Status:
EPSS
CVSS2: 5 Medium