CVE-2012-3864
N/A
N/A
Summary
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
- http://puppetlabs.com/security/cve/cve-2012-3864/
- http://www.debian.org/security/2012/dsa-2511
- http://www.ubuntu.com/usn/USN-1506-1
- http://secunia.com/advisories/50014
- https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4
- http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
- https://bugzilla.redhat.com/show_bug.cgi?id=839130
- https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87
References
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
- http://puppetlabs.com/security/cve/cve-2012-3864/
- http://www.debian.org/security/2012/dsa-2511
- http://www.ubuntu.com/usn/USN-1506-1
- http://secunia.com/advisories/50014
- https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4
- http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
- https://bugzilla.redhat.com/show_bug.cgi?id=839130
- https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.