VulnerableCode Vulnerability Details - VCID-5qhd-8wfe-27dy

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-5qhd-8wfe-27dy

Essentials
Severities (18)
References (14)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-5qhd-8wfe-27dy
Aliases	CVE-2011-0528 GHSA-9pvx-fwwh-w289
Summary	Puppet does not properly restrict access to node resources Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-284	Improper Access Control

System	Score	Found at
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2011-0528
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2011-0528
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2011-0528
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2011-0528
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2011-0528
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2011-0528
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2011-0528
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2011-0528
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2011-0528
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-9pvx-fwwh-w289
generic_textual	MODERATE	https://github.com/puppetlabs/puppet
generic_textual	MODERATE	https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
generic_textual	MODERATE	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2011-0528
generic_textual	MODERATE	http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/01/27/6
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/01/31/5
generic_textual	MODERATE	http://www.ubuntu.com/usn/USN-1365-1

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json
		https://api.first.org/data/v1/epss?cve=CVE-2011-0528
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528
		https://github.com/puppetlabs/puppet
		https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
		http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
		http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
		http://www.openwall.com/lists/oss-security/2011/01/27/6
		http://www.openwall.com/lists/oss-security/2011/01/31/5
		http://www.ubuntu.com/usn/USN-1365-1
CVE-2011-0528		https://nvd.nist.gov/vuln/detail/CVE-2011-0528
GHSA-9pvx-fwwh-w289		https://github.com/advisories/GHSA-9pvx-fwwh-w289
USN-1365-1		https://usn.ubuntu.com/1365-1/

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.49966
EPSS Score	0.00265
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:50:38.651345+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/puppet/CVE-2011-0528.yml	38.0.0