First published: Wed Jul 11 2012
From Puppet Labs: [CVE-2012-3864](https://access.redhat.com/security/cve/CVE-2012-3864) (Arbitrary File Read). A bug in Puppet 2.6.16 and 2.7.17 allows authenticated clients to read arbitrary files from the puppet master. Given a valid certificate and private key, it is possible to construct an HTTP GET request that will return the contents of an arbitrary file on the Puppet master. These requests can retrieve any file that the puppet master has read-access to. Resolved in Puppet 2.6.17, 2.7.18.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Puppet Puppet | =2.6.0 | |
Puppet Puppet | =2.6.1 | |
Puppet Puppet | =2.6.2 | |
Puppet Puppet | =2.6.3 | |
Puppet Puppet | =2.6.4 | |
Puppet Puppet | =2.6.5 | |
Puppet Puppet | =2.6.6 | |
Puppet Puppet | =2.6.7 | |
Puppet Puppet | =2.6.8 | |
Puppet Puppet | =2.6.9 | |
Puppet Puppet | =2.6.10 | |
Puppet Puppet | =2.6.11 | |
Puppet Puppet | =2.6.12 | |
Puppet Puppet | =2.6.13 | |
Puppet Puppet | =2.6.14 | |
Puppet Puppet | =2.6.15 | |
Puppet Puppet | =2.7.2 | |
Puppet Puppet | =2.7.3 | |
Puppet Puppet | =2.7.4 | |
Puppet Puppet | =2.7.5 | |
Puppet Puppet | =2.7.6 | |
Puppet Puppet | =2.7.7 | |
Puppet Puppet | =2.7.8 | |
Puppet Puppet | =2.7.9 | |
Puppet Puppet | =2.7.10 | |
Puppet Puppet | =2.7.11 | |
Puppet Puppet | =2.7.12 | |
Puppet Puppet | =2.7.13 | |
Puppet Puppet | =2.7.14 | |
Puppet Puppet | =2.7.16 | |
Puppet Puppet | =2.7.17 | |
Puppetlabs Puppet | <=2.6.16 | |
Puppetlabs Puppet | =2.7.0 | |
Puppetlabs Puppet | =2.7.1 | |
Puppet Puppet Enterprise | <=2.5.1 | |
redhat/puppet | <2.6.17 | 2.6.17 |
redhat/puppet | <2.7.18 | 2.7.18 |