Lucene search
HistoryAug 06, 2012 - 4:55 p.m.
CVE-2012-3408
puppet
ip addresses
certnames
spoofing
security vulnerability
6.5 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.2%
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.
| CPE | Name | Operator | Version |
|---|---|---|---|
| puppetlabs:puppet | puppetlabs puppet | lt | 2.7.18 |
| puppet:puppet_enterprise | puppet puppet enterprise | lt | 2.5.2 |
Related
osv
osv
prion
prion
Code injection
2012-08-06 16:55:00
ubuntucve
ubuntucve
CVE-2012-3408
2012-08-06 00:00:00
debiancve
debiancve
CVE-2012-3408
2012-08-06 16:55:00
github
github
openvas
openvas
Fedora Update for puppet FEDORA-2012-10891
2012-08-30 00:00:00
Fedora Update for puppet FEDORA-2012-10891
2012-08-30 00:00:00
nessus
nessus
Fedora 17 : puppet-2.7.18-1.fc17 (2012-10891)
2012-07-30 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: puppet-2.7.18-1.fc17
2012-07-28 01:20:31
6.5 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.2%
Related for CVE-2012-3408