Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-3864

Опубликовано: 10 июл. 2012
Источник: redhat
CVSS2: 2.1

Описание

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat CloudForms Tools 1puppetAffected
Red Hat Enterprise MRG 1puppetWill not fix
CloudForms for RHEL 6converge-ui-develFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6puppetFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-actionpackFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-activerecordFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-activesupportFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-chunky_pngFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-compassFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-compass-960-pluginFixedRHSA-2012:154204.12.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=839130puppet: authenticated clients allowed to read arbitrary files from the puppet master

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-3864

ubuntu
больше 13 лет назад

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

nvd логотип

CVE-2012-3864

nvd
больше 13 лет назад

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

debian логотип

CVE-2012-3864

debian
больше 13 лет назад

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise be ...

github логотип

GHSA-8xhg-x93x-j983

github
больше 3 лет назад

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

2.1 Low

CVSS2