First published: Tue May 29 2012(Updated: )
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Puppet Puppet | =2.6.0 | |
Puppet Puppet | =2.6.1 | |
Puppet Puppet | =2.6.2 | |
Puppet Puppet | =2.6.3 | |
Puppet Puppet | =2.6.4 | |
Puppet Puppet | =2.6.5 | |
Puppet Puppet | =2.6.6 | |
Puppet Puppet | =2.6.7 | |
Puppet Puppet | =2.6.8 | |
Puppet Puppet | =2.6.9 | |
Puppet Puppet | =2.6.10 | |
Puppet Puppet | =2.6.11 | |
Puppet Puppet | =2.6.12 | |
Puppet Puppet | =2.6.13 | |
Puppet Puppet | =2.6.14 | |
Puppet Puppet | =2.7.2 | |
Puppet Puppet | =2.7.3 | |
Puppet Puppet | =2.7.4 | |
Puppet Puppet | =2.7.5 | |
Puppet Puppet | =2.7.6 | |
Puppet Puppet | =2.7.7 | |
Puppet Puppet | =2.7.8 | |
Puppet Puppet | =2.7.9 | |
Puppet Puppet | =2.7.10 | |
Puppet Puppet | =2.7.11 | |
Puppet Puppet Enterprise | =2.5.0 | |
Puppetlabs Puppet | =2.7.0 | |
Puppetlabs Puppet | =2.7.1 | |
Puppet Puppet Enterprise | =1.2.0 | |
Puppet Puppet Enterprise | =1.2.1 | |
Puppet Puppet Enterprise | =1.2.2 | |
Puppet Puppet Enterprise | =1.2.3 | |
Puppet Puppet Enterprise | =1.2.4 | |
Puppet Puppet Enterprise | =2.0.0 | |
Puppet Puppet Enterprise | =2.0.1 | |
Puppet Puppet Enterprise | =2.0.2 | |
Puppetlabs Puppet Enterprise Users | =1.0 | |
Puppetlabs Puppet Enterprise Users | =1.1 | |
debian/puppet | 5.5.10-4 5.5.22-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.