Vulnerability Details : CVE-2015-1029
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
Products affected by CVE-2015-1029
- cpe:2.3:a:puppet:stdlib:4.5.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.3.3:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.3.2:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.3.1:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.3.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.2.1:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:4.2.2:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:4.2.1:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:4.2.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:4.1.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:4.3.2:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:4.3.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:3.0.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.4.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.2.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.1.1:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:4.4.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:4.3.1:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.5.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.1.3:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.1.2:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
- cpe:2.3:a:puppet:stdlib:2.1.0:*:*:*:*:puppet:*:*When used together with: Puppet » Puppet Enterprise
Exploit prediction scoring system (EPSS) score for CVE-2015-1029
0.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1029
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2015-1029
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1029
-
http://secunia.com/advisories/62328
Sign in
-
http://puppetlabs.com/security/cve/cve-2015-1029
CVE-2015-1029 | PuppetVendor Advisory
Jump to