-
Posted March 4, 2014
-
Assessed Risk Level: Medium
PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for role management, which allowed any member of a role the ability to grant others access to the same role regardless if the member was given the WITH ADMIN OPTION permission. For more details please see:
http://wiki.postgresql.org/wiki/20140220securityrelease#SET_ROLE_bypasses_lack_of_ADMIN_OPTION
Status
- Affected Versions: Puppet Enterprise 3.x
- Resolved in Puppet Enterprise 3.2.0