cvelistv5 - CVE-2015-1029

CVE-2015-1029 (GCVE-0-2015-1029)

Vulnerability from cvelistv5 – Published: 2015-01-16 16:00 – Updated: 2024-08-06 04:33

Summary

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://puppetlabs.com/security/cve/cve-2015-1029	x_refsource_CONFIRM
	http://secunia.com/advisories/62328	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:33:19.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://puppetlabs.com/security/cve/cve-2015-1029"
          },
          {
            "name": "62328",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62328"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-16T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://puppetlabs.com/security/cve/cve-2015-1029"
        },
        {
          "name": "62328",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62328"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1029",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://puppetlabs.com/security/cve/cve-2015-1029",
              "refsource": "CONFIRM",
              "url": "http://puppetlabs.com/security/cve/cve-2015-1029"
            },
            {
              "name": "62328",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62328"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1029",
    "datePublished": "2015-01-16T16:00:00",
    "dateReserved": "2015-01-10T00:00:00",
    "dateUpdated": "2024-08-06T04:33:19.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.1.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"A800F031-8664-421D-ABF0-ABEE770683B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.1.1:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"2B56C8B2-84DA-4A82-8280-D67A04FCA66B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.1.2:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"F0B3F1C8-6380-4B51-92E5-BFA87B0BEEA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.1.3:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"68547D26-77FD-4365-A032-FD2FCCFE492B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.2.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"6E878BAF-A709-40AC-9657-6DA9A5193042\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.2.1:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"AC768DD7-93A6-4F85-BB99-133D0F61C52E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.3.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"CCBCFD76-1252-4921-87E1-91AA3EB4CADF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.3.1:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"BA327AED-696D-46F3-8C46-3622ADC6486B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.3.2:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"2D626E51-252B-4CB2-8EA4-C2965605E9B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.3.3:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"3EBEB51F-E8C5-4064-8B3F-A628BE6D7B79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.4.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"B1020452-140D-4C2A-A526-D5510D6602D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:2.5.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"847ADAB6-06EA-442D-B8C0-039016990F24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:3.0.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"3A7F320F-6EE4-454A-9972-7F411291858B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:4.1.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"E9D3AC9E-1E8F-4A49-9213-87E15D828284\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:4.2.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"DDCEAA7C-65FC-48DE-9477-585F3B6DF0BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:4.2.1:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"3A2E8B56-F3F1-4A70-8D40-64481859EB37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:4.2.2:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"89F003DF-67B3-47A0-A590-CE7AF02FDFA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:4.3.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"0D676850-BE22-4BF0-B41A-9A9DA1F67D38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:4.3.1:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"43E559F4-FAD2-4AB4-9469-8FB2AB6DB4F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:4.3.2:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"BBC33295-8118-487C-B02A-A2176B22C74C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:4.4.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"8DB0C81C-F17E-4A1D-AD69-211A12BFEDE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:stdlib:4.5.0:*:*:*:*:puppet:*:*\", \"matchCriteriaId\": \"1F5DCE6D-1B56-4011-A8B5-BB6AF42CBFAF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.8.8\", \"matchCriteriaId\": \"FE7B8763-117E-4E38-BD46-EE9B23A9B794\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00f3dulo puppetlabs-stdlib 2.1 hasta 3.0 y 4.1.0 hasta 4.5.x anterior a 4.5.1 para Puppet 2.8.8 y anteriores permite a usuarios remotos autenticados ganar privilegios o obtener informaci\\u00f3n sensible mediante la prepoblaci\\u00f3n del cach\\u00e9 de hechos.\"}]",
      "id": "CVE-2015-1029",
      "lastModified": "2024-11-21T02:24:30.460",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-01-16T16:59:22.093",
      "references": "[{\"url\": \"http://puppetlabs.com/security/cve/cve-2015-1029\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/62328\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://puppetlabs.com/security/cve/cve-2015-1029\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/62328\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-1029\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-01-16T16:59:22.093\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo puppetlabs-stdlib 2.1 hasta 3.0 y 4.1.0 hasta 4.5.x anterior a 4.5.1 para Puppet 2.8.8 y anteriores permite a usuarios remotos autenticados ganar privilegios o obtener informaci\u00f3n sensible mediante la prepoblaci\u00f3n del cach\u00e9 de hechos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.1.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"A800F031-8664-421D-ABF0-ABEE770683B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.1.1:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"2B56C8B2-84DA-4A82-8280-D67A04FCA66B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.1.2:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"F0B3F1C8-6380-4B51-92E5-BFA87B0BEEA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.1.3:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"68547D26-77FD-4365-A032-FD2FCCFE492B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.2.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"6E878BAF-A709-40AC-9657-6DA9A5193042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.2.1:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"AC768DD7-93A6-4F85-BB99-133D0F61C52E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.3.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"CCBCFD76-1252-4921-87E1-91AA3EB4CADF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.3.1:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"BA327AED-696D-46F3-8C46-3622ADC6486B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.3.2:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"2D626E51-252B-4CB2-8EA4-C2965605E9B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.3.3:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"3EBEB51F-E8C5-4064-8B3F-A628BE6D7B79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.4.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"B1020452-140D-4C2A-A526-D5510D6602D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:2.5.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"847ADAB6-06EA-442D-B8C0-039016990F24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:3.0.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"3A7F320F-6EE4-454A-9972-7F411291858B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:4.1.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"E9D3AC9E-1E8F-4A49-9213-87E15D828284\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:4.2.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"DDCEAA7C-65FC-48DE-9477-585F3B6DF0BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:4.2.1:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"3A2E8B56-F3F1-4A70-8D40-64481859EB37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:4.2.2:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"89F003DF-67B3-47A0-A590-CE7AF02FDFA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:4.3.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"0D676850-BE22-4BF0-B41A-9A9DA1F67D38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:4.3.1:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"43E559F4-FAD2-4AB4-9469-8FB2AB6DB4F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:4.3.2:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"BBC33295-8118-487C-B02A-A2176B22C74C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:4.4.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"8DB0C81C-F17E-4A1D-AD69-211A12BFEDE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:stdlib:4.5.0:*:*:*:*:puppet:*:*\",\"matchCriteriaId\":\"1F5DCE6D-1B56-4011-A8B5-BB6AF42CBFAF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.8\",\"matchCriteriaId\":\"FE7B8763-117E-4E38-BD46-EE9B23A9B794\"}]}]}],\"references\":[{\"url\":\"http://puppetlabs.com/security/cve/cve-2015-1029\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/62328\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://puppetlabs.com/security/cve/cve-2015-1029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/62328\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-G3Q8-3W6W-Q3M9

Vulnerability from github – Published: 2022-05-14 00:56 – Updated: 2022-05-14 00:56

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1029"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-16T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.",
  "id": "GHSA-g3q8-3w6w-q3m9",
  "modified": "2022-05-14T00:56:47Z",
  "published": "2022-05-14T00:56:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1029"
    },
    {
      "type": "WEB",
      "url": "http://puppetlabs.com/security/cve/cve-2015-1029"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62328"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

MSRC_CVE-2015-1029

Vulnerability from csaf_microsoft - Published: 2015-01-02 00:00 - Updated: 2025-02-11 00:00

Summary

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2015-1029 The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2015/msrc_cve-2015-1029.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.",
    "tracking": {
      "current_release_date": "2025-02-11T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T16:58:31.620Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2015-1029",
      "initial_release_date": "2015-01-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-02-11T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "16817"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 puppet 7.34.0-1",
                "product": {
                  "name": "\u003cazl3 puppet 7.34.0-1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 puppet 7.34.0-1",
                "product": {
                  "name": "azl3 puppet 7.34.0-1",
                  "product_id": "16818"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 puppet 7.34.0-1",
                "product": {
                  "name": "\u003cazl3 puppet 7.34.0-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 puppet 7.34.0-1",
                "product": {
                  "name": "azl3 puppet 7.34.0-1",
                  "product_id": "16818"
                }
              }
            ],
            "category": "product_name",
            "name": "puppet"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 puppet 7.34.0-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 puppet 7.34.0-1 as a component of Azure Linux 3.0",
          "product_id": "16818-17084"
        },
        "product_reference": "16818",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 puppet 7.34.0-1 as a component of Azure Linux 3.0",
          "product_id": "16817-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "16817"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 puppet 7.34.0-1 as a component of Azure Linux 3.0",
          "product_id": "16818-16817"
        },
        "product_reference": "16818",
        "relates_to_product_reference": "16817"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-1029",
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "16818-17084",
          "16818-16817"
        ],
        "known_affected": [
          "17084-1",
          "16817-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2015-1029 The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2015/msrc_cve-2015-1029.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-11T00:00:00.000Z",
          "details": "7.34.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1",
            "16817-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache."
    }
  ]
}

GSD-2015-1029

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-1029

Aliases

CVE-2015-1029

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1029",
    "description": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.",
    "id": "GSD-2015-1029"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1029"
      ],
      "details": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.",
      "id": "GSD-2015-1029",
      "modified": "2023-12-13T01:20:05.389203Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-1029",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://puppetlabs.com/security/cve/cve-2015-1029",
            "refsource": "CONFIRM",
            "url": "http://puppetlabs.com/security/cve/cve-2015-1029"
          },
          {
            "name": "62328",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62328"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:4.5.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.3.3:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.3.2:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.3.1:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.3.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.2.1:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:4.2.2:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:4.2.1:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:4.2.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:4.1.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:4.3.2:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:4.3.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:3.0.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.4.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.2.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.1.1:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:4.4.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:4.3.1:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.5.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.1.3:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.1.2:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:stdlib:2.1.0:*:*:*:*:puppet:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.8.8",
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1029"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://puppetlabs.com/security/cve/cve-2015-1029",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://puppetlabs.com/security/cve/cve-2015-1029"
            },
            {
              "name": "62328",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62328"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-07-11T13:44Z",
      "publishedDate": "2015-01-16T16:59Z"
    }
  }
}

FKIE_CVE-2015-1029

Vulnerability from fkie_nvd - Published: 2015-01-16 16:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://puppetlabs.com/security/cve/cve-2015-1029	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/62328
af854a3a-2127-422b-91ae-364da2661108	http://puppetlabs.com/security/cve/cve-2015-1029	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62328

Impacted products

Vendor	Product	Version
puppet	stdlib	2.1.0
puppet	stdlib	2.1.1
puppet	stdlib	2.1.2
puppet	stdlib	2.1.3
puppet	stdlib	2.2.0
puppet	stdlib	2.2.1
puppet	stdlib	2.3.0
puppet	stdlib	2.3.1
puppet	stdlib	2.3.2
puppet	stdlib	2.3.3
puppet	stdlib	2.4.0
puppet	stdlib	2.5.0
puppet	stdlib	3.0.0
puppet	stdlib	4.1.0
puppet	stdlib	4.2.0
puppet	stdlib	4.2.1
puppet	stdlib	4.2.2
puppet	stdlib	4.3.0
puppet	stdlib	4.3.1
puppet	stdlib	4.3.2
puppet	stdlib	4.4.0
puppet	stdlib	4.5.0
puppet	puppet_enterprise	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.1.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "A800F031-8664-421D-ABF0-ABEE770683B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.1.1:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "2B56C8B2-84DA-4A82-8280-D67A04FCA66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.1.2:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "F0B3F1C8-6380-4B51-92E5-BFA87B0BEEA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.1.3:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "68547D26-77FD-4365-A032-FD2FCCFE492B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.2.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "6E878BAF-A709-40AC-9657-6DA9A5193042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.2.1:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "AC768DD7-93A6-4F85-BB99-133D0F61C52E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.3.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "CCBCFD76-1252-4921-87E1-91AA3EB4CADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.3.1:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "BA327AED-696D-46F3-8C46-3622ADC6486B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.3.2:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "2D626E51-252B-4CB2-8EA4-C2965605E9B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.3.3:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "3EBEB51F-E8C5-4064-8B3F-A628BE6D7B79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.4.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "B1020452-140D-4C2A-A526-D5510D6602D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:2.5.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "847ADAB6-06EA-442D-B8C0-039016990F24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:3.0.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "3A7F320F-6EE4-454A-9972-7F411291858B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:4.1.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "E9D3AC9E-1E8F-4A49-9213-87E15D828284",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:4.2.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "DDCEAA7C-65FC-48DE-9477-585F3B6DF0BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:4.2.1:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "3A2E8B56-F3F1-4A70-8D40-64481859EB37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:4.2.2:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "89F003DF-67B3-47A0-A590-CE7AF02FDFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:4.3.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "0D676850-BE22-4BF0-B41A-9A9DA1F67D38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:4.3.1:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "43E559F4-FAD2-4AB4-9469-8FB2AB6DB4F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:4.3.2:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "BBC33295-8118-487C-B02A-A2176B22C74C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:4.4.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "8DB0C81C-F17E-4A1D-AD69-211A12BFEDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:stdlib:4.5.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "1F5DCE6D-1B56-4011-A8B5-BB6AF42CBFAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE7B8763-117E-4E38-BD46-EE9B23A9B794",
              "versionEndIncluding": "2.8.8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo puppetlabs-stdlib 2.1 hasta 3.0 y 4.1.0 hasta 4.5.x anterior a 4.5.1 para Puppet 2.8.8 y anteriores permite a usuarios remotos autenticados ganar privilegios o obtener informaci\u00f3n sensible mediante la prepoblaci\u00f3n del cach\u00e9 de hechos."
    }
  ],
  "id": "CVE-2015-1029",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-16T16:59:22.093",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://puppetlabs.com/security/cve/cve-2015-1029"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://puppetlabs.com/security/cve/cve-2015-1029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62328"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-00534

Vulnerability from cnvd - Published: 2015-01-23

Title

Puppet puppetlabs-stdlib模块存在漏洞

Description

Puppet是美国Puppet实验室的一套基于客户端/服务器（C/S）架构的配置管理工具，它可用于管理配置文件、用户、cron任务、软件包、系统服务等。puppetlabs-stdlib是其中的一个标准库模块。 Puppet puppetlabs-stdlib模块存在漏洞。远程攻击者可利用漏洞获取权限和敏感信息。

Severity

中

Patch Name

Puppet puppetlabs-stdlib模块存在漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://puppetlabs.com/security/cve/cve-2015-1029

Reference

http://secunia.com/advisories/62328 http://puppetlabs.com/security/cve/cve-2015-1029

Impacted products

Name
['Puppet Labs Puppet Enterprise <= 2.8.8', 'Puppet Labs puppetlabs-stdlib 2.1 - 3.0', 'Puppet Labs puppetlabs-stdlib 4.1.0 - 4.5.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72734"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1029"
    }
  },
  "description": "Puppet\u662f\u7f8e\u56fdPuppet\u5b9e\u9a8c\u5ba4\u7684\u4e00\u5957\u57fa\u4e8e\u5ba2\u6237\u7aef/\u670d\u52a1\u5668\uff08C/S\uff09\u67b6\u6784\u7684\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\uff0c\u5b83\u53ef\u7528\u4e8e\u7ba1\u7406\u914d\u7f6e\u6587\u4ef6\u3001\u7528\u6237\u3001cron\u4efb\u52a1\u3001\u8f6f\u4ef6\u5305\u3001\u7cfb\u7edf\u670d\u52a1\u7b49\u3002puppetlabs-stdlib\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6807\u51c6\u5e93\u6a21\u5757\u3002\r\n\r\nPuppet puppetlabs-stdlib\u6a21\u5757\u5b58\u5728\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u548c\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Puppet Labs",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\nhttp://puppetlabs.com/security/cve/cve-2015-1029",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00534",
  "openTime": "2015-01-23",
  "patchDescription": "Puppet\u662f\u7f8e\u56fdPuppet\u5b9e\u9a8c\u5ba4\u7684\u4e00\u5957\u57fa\u4e8e\u5ba2\u6237\u7aef/\u670d\u52a1\u5668\uff08C/S\uff09\u67b6\u6784\u7684\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\uff0c\u5b83\u53ef\u7528\u4e8e\u7ba1\u7406\u914d\u7f6e\u6587\u4ef6\u3001\u7528\u6237\u3001cron\u4efb\u52a1\u3001\u8f6f\u4ef6\u5305\u3001\u7cfb\u7edf\u670d\u52a1\u7b49\u3002puppetlabs-stdlib\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6807\u51c6\u5e93\u6a21\u5757\u3002 \r\n\r\nPuppet puppetlabs-stdlib\u6a21\u5757\u5b58\u5728\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u548c\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Puppet puppetlabs-stdlib\u6a21\u5757\u5b58\u5728\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Puppet Labs Puppet Enterprise \u003c= 2.8.8",
      "Puppet Labs puppetlabs-stdlib 2.1 - 3.0",
      "Puppet Labs puppetlabs-stdlib  4.1.0 - 4.5.0"
    ]
  },
  "referenceLink": "http://secunia.com/advisories/62328 \r\nhttp://puppetlabs.com/security/cve/cve-2015-1029",
  "serverity": "\u4e2d",
  "submitTime": "2015-01-22",
  "title": "Puppet puppetlabs-stdlib\u6a21\u5757\u5b58\u5728\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-1029 (GCVE-0-2015-1029)

GHSA-G3Q8-3W6W-Q3M9

MSRC_CVE-2015-1029

GSD-2015-1029

FKIE_CVE-2015-1029

CNVD-2015-00534

Tags

Sightings

Nomenclature