What is CVE-2015-1029?

CVE-2015-1029 is a vulnerability in Puppet Puppet_enterprise, classified under CWE-264. Published 2015-01-16.

Is CVE-2015-1029 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Puppet Puppet_enterprise

CVE-2015-1029

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.

EPSS: 0.004 (62.9th percentile) — read the EPSS interpretation.

Affected products

Puppet Puppet_enterprise
Puppet Stdlib — versions 2.1.0, 2.1.1, 2.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

puppetlabs/puppetlabs-compliance_

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
62328 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2015-1029?: CVE-2015-1029 is a vulnerability in Puppet Puppet_enterprise, classified under CWE-264. Published 2015-01-16.
Is CVE-2015-1029 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.