CVE-2012-3864

Published: Aug 6, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SU-2012:0983

vendor-advisory

x_refsource_SUSE

http://puppetlabs.com/security/cve/cve-2012-3864/

x_refsource_CONFIRM

DSA-2511

vendor-advisory

x_refsource_DEBIAN

USN-1506-1

vendor-advisory

x_refsource_UBUNTU

50014

third-party-advisory

x_refsource_SECUNIA

https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4

x_refsource_CONFIRM

openSUSE-SU-2012:0891

vendor-advisory

x_refsource_SUSE

https://bugzilla.redhat.com/show_bug.cgi?id=839130

x_refsource_CONFIRM

https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-3864

Description

Affected Products

References