CVE-2020-7942

Published: 18 Feb 2020
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting strict_hostname_checking = true in puppet.conf on your Puppet master. Puppet 6.13.0 and 5.5.19 change the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior.

Affected software versions: Puppet 6.x prior to 6.13.0; Puppet Agent 6.x prior to 6.13.0; Puppet 5.5.x prior to 5.5.19; Puppet Agent 5.5.x prior to 5.5.19.

Resolved in: Puppet 6.13.0; Puppet Agent 6.13.0; Puppet 5.5.19; Puppet Agent 5.5.19.

A flaw was found in Puppet, where changes in the application lead to node declarations having increased access. An attacker can use this flaw to modify the facts for a Puppet run and retrieve the catalog of a different node when strict_hostname_checking is false and the node's catalog falls back to the default node.

Statement

In Red Hat OpenStack Platform, Puppet is invoked as a standalone component (puppet master is not run). This means that although the vulnerable code might be present, it is not used; the impact rating is therefore lowered and no update will be provided at this time.

Mitigation

In the puppet.conf configuration file, set strict_hostname_checking = true.
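
The check below is an added example, not code from Red Hat or Puppet: it reads a puppet.conf and reports the effective value of strict_hostname_checking, falling back to the version default described in the advisory when the setting is absent. The function names and the sample files are constructed for illustration, and it assumes a value in the [master] section takes precedence over [main].

```python
import configparser

SETTING = "strict_hostname_checking"

def default_strict(version: str) -> bool:
    """Built-in default for a Puppet version, taken from the advisory's version list."""
    v = tuple(int(p) for p in version.split(".")[:3])
    if v[:2] == (5, 5):
        return v >= (5, 5, 19)
    # True from 6.13.0 onward; older lines the advisory does not name are assumed false.
    return v >= (6, 13, 0)

def effective_strict(conf_text: str, version: str, run_section: str = "master"):
    """Return (enabled, origin) for the setting as the master would see it."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    # Assumption: the run-mode section overrides [main].
    for section in (run_section, "main"):
        if cp.has_section(section) and cp.has_option(section, SETTING):
            value = cp.get(section, SETTING).strip().lower()
            return value == "true", f"[{section}]"
    return default_strict(version), "built-in default"

def audit(conf_text: str, version: str) -> str:
    """One-line finding suitable for a fleet-wide configuration report."""
    enabled, origin = effective_strict(conf_text, version)
    state = "OK" if enabled else "EXPOSED"
    return f"{state}: {SETTING} = {str(enabled).lower()} (from {origin}, Puppet {version})"

# Constructed sample files (not taken from a real deployment).
IMPLICIT = """\
[main]
certname = puppet.example.test

[master]
dns_alt_names = puppet,puppet.example.test
"""
# The setting is appended to the [master] section: an explicit false survives an upgrade.
EXPLICIT_FALSE = IMPLICIT + "strict_hostname_checking = false\n"
MITIGATED = "[main]\nstrict_hostname_checking = false\n\n[master]\nstrict_hostname_checking = true\n"

if __name__ == "__main__":
    for conf, ver in [(IMPLICIT, "6.12.0"), (IMPLICIT, "6.13.0"),
                      (EXPLICIT_FALSE, "6.13.0"), (MITIGATED, "5.5.18")]:
        print(audit(conf, ver))
```

The third case is the one to look for after upgrading: an explicit false left in puppet.conf overrides the new default, so the master stays exposed on a fixed version.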

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 10 (Newton) | puppet | Out of support scope | | |
| Red Hat OpenStack Platform 13 (Queens) | puppet | Will not fix | | |
| Red Hat OpenStack Platform 15 (Stein) | puppet | Will not fix | | |
| Red Hat OpenStack Platform 16.1 | puppet | Will not fix | | |
| Red Hat OpenStack Platform 16.2 | puppet | Will not fix | | |
| Red Hat Update Infrastructure 3 for Cloud Providers | puppet | Fix deferred | | |
| Red Hat Satellite 6.8 for RHEL 7 | ansible-collection-redhat-satellite | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-foreman_scap_client | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-satellite-receptor-installer | Fixed | RHSA-2020:4366 | 27.10.2020 |

Additional information

Status: Moderate
Defect: CWE-297
https://bugzilla.redhat.com/show_bug.cgi?id=1816720 (puppet: Arbitrary catalog retrieval)

EPSS

Percentile: 31%
0.00119
Low

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 6 years ago

CVSS3: 6.5
nvd
almost 6 years ago

CVSS3: 6.5
debian
almost 6 years ago

Previously, Puppet operated on a model that a node with a valid certif ...

suse-cvrf
almost 6 years ago

Security update for puppet

CVSS3: 6.5
github
almost 5 years ago

Improper Certificate Validation in Puppet
