VulnerableCode Vulnerability Details - VCID-82qk-nct5-77bd

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-82qk-nct5-77bd

Essentials
Severities (9)
References (14)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-82qk-nct5-77bd
Aliases	CVE-2011-0528 GHSA-9pvx-fwwh-w289
Summary	Puppet does not properly restrict access to node resources Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-284	Improper Access Control
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00265	https://api.first.org/data/v1/epss?cve=CVE-2011-0528
generic_textual	MODERATE	https://github.com/puppetlabs/puppet
generic_textual	MODERATE	https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
generic_textual	MODERATE	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2011-0528
generic_textual	MODERATE	http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/01/27/6
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/01/31/5
generic_textual	MODERATE	http://www.ubuntu.com/usn/USN-1365-1

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json
		https://api.first.org/data/v1/epss?cve=CVE-2011-0528
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528
		https://github.com/advisories/GHSA-9pvx-fwwh-w289
		https://github.com/puppetlabs/puppet
		https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
		https://nvd.nist.gov/vuln/detail/CVE-2011-0528
		http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
		http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
		http://www.openwall.com/lists/oss-security/2011/01/27/6
		http://www.openwall.com/lists/oss-security/2011/01/31/5
		http://www.ubuntu.com/usn/USN-1365-1
USN-1365-1		https://usn.ubuntu.com/1365-1/

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.50173
EPSS Score	0.00265
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T09:42:26.586035+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9pvx-fwwh-w289/GHSA-9pvx-fwwh-w289.json	38.6.0