Lucene search

Puppet supports use of IP addresses in certnames without warning of potential risks

🗓️ 24 Oct 2017 18:38:33Reported by GitHub Advisory DatabaseType

Puppet allows the use of IP addresses in certnames without warning of risk

Reporter	Title	Published	Views	Family All 12
Cvelist	CVE-2012-3408	6 Aug 201216:00	–	cvelist
Prion	Code injection	6 Aug 201216:55	–	prion
NVD	CVE-2012-3408	6 Aug 201216:55	–	nvd
UbuntuCve	CVE-2012-3408	6 Aug 201200:00	–	ubuntucve
Debian CVE	CVE-2012-3408	6 Aug 201216:55	–	debiancve
OSV	Puppet supports use of IP addresses in certnames without warning of potential risks	24 Oct 201718:33	–	osv
CVE	CVE-2012-3408	6 Aug 201216:55	–	cve
RubySec	Agent Imprersonation in Puppet	23 Oct 201721:00	–	rubygems
Tenable Nessus	Fedora 17 : puppet-2.7.18-1.fc17 (2012-10891)	30 Jul 201200:00	–	nessus
Fedora	[SECURITY] Fedora 17 Update: puppet-2.7.18-1.fc17	28 Jul 201201:20	–	fedora

Vulners

Node

puppet puppetRange<2.7.18

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-3408
github	www.github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
puppetlabs	www.puppetlabs.com/security/cve/cve-2012-3408/
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml
puppet	www.puppet.com/security/cve/cve-2012-3408-agent-impersonation
github	www.github.com/advisories/GHSA-vxf6-w9mp-95hm

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Oct 2017 18:33Current

6.3Medium risk

Vulners AI Score6.3

CVSS22.6

EPSS0.00785

CWE-287

puppet ip addresses certnames warning potential risks remote attackers spoof agent