Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-1986

Опубликовано: 10 апр. 2012
Источник: redhat
CVSS2: 3.6

Описание

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat CloudForms Tools 1puppetAffected
Red Hat Enterprise MRG 1puppetWill not fix
CloudForms for RHEL 6converge-ui-develFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6puppetFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-actionpackFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-activerecordFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-activesupportFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-chunky_pngFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-compassFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-compass-960-pluginFixedRHSA-2012:154204.12.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=810069puppet: Filebucket arbitrary file read

3.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-1986

ubuntu
около 13 лет назад

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

nvd логотип

CVE-2012-1986

nvd
около 13 лет назад

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

debian логотип

CVE-2012-1986

debian
около 13 лет назад

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpr ...

github логотип

GHSA-2crf-gcjf-2wmp

github
больше 3 лет назад

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

fstec логотип

BDU:2015-09668

fstec
около 13 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

3.6 Low

CVSS2