CVE-2011-0528
Published: 31 January 2011
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Notes
Author | Note |
---|---|
jdstrand | per upstream, puppet prior to 2.6.0 not affected improper merges from Debian uncommitted the upstream fixes for this in 11.04 and 11.10. |