Lucene search
GoogleOSV:DSA-2511-1HistoryJul 12, 2012 - 12:00 a.m.
puppet - several
2012-07-1200:00:00
Google
osv.dev
6
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Several security vulnerabilities have been found in Puppet, a
centralized configuration management:
- CVE-2012-3864
Authenticated clients could read arbitrary files on the puppet
master. - CVE-2012-3865
Authenticated clients could delete arbitrary files on the puppet
master. - CVE-2012-3866
The report of the most recent Puppet run was stored with world readable
permissions, resulting in information disclosure. - CVE-2012-3867
Agent hostnames were insufficiently validated.
For the stable distribution (squeeze), this problem has been fixed in
version 2.6.2-5+squeeze6.
For the unstable distribution (sid), this problem has been fixed in
version 2.7.18-1.
We recommend that you upgrade your puppet packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| puppet | eq | 2.6.2-5+squeeze3 | |
| puppet | eq | 2.6.2-5+squeeze5 | |
| puppet | eq | 2.6.2-5 | |
| puppet | eq | 2.6.2-5+squeeze1 | |
| puppet | eq | 2.6.2-5+squeeze4 | |
| puppet | eq | 2.6.2-4 |
References
Related
nessus
nessus
openSUSE Security Update : puppet (openSUSE-SU-2012:0891-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : puppet vulnerabilities (USN-1506-1)
2012-07-13 00:00:00
Debian DSA-2511-1 : puppet - several vulnerabilities
2012-07-18 00:00:00
openvas
openvas
FreeBSD Ports: puppet
2012-08-10 00:00:00
Ubuntu: Security Advisory (USN-1506-1)
2012-07-16 00:00:00
Debian Security Advisory DSA 2511-1 (puppet)
2012-08-10 00:00:00
securityvulns
securityvulns
[USN-1506-1] Puppet vulnerabilities
2012-07-16 00:00:00
amazon
amazon
Low: puppet
2012-10-15 12:29:00
debian
debian
[SECURITY] [DSA 2511-1] puppet security update
2012-07-12 18:55:52
freebsd
freebsd
puppet -- multiple vulnerabilities
2012-07-05 00:00:00
puppet -- multiple vulnerabilities
2012-07-10 00:00:00
ubuntu
ubuntu
Puppet vulnerabilities
2012-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: puppet-2.7.18-1.fc17
2012-07-28 01:20:31
[SECURITY] Fedora 16 Update: puppet-2.6.17-2.fc16
2012-07-28 01:17:34
[SECURITY] Fedora 17 Update: puppet-2.7.21-2.fc17
2013-03-30 21:31:30
suse
suse
Security update for puppet (important)
2012-08-13 19:08:37
prion
prion
Design/Logic Flaw
2012-08-06 16:55:00
Design/Logic Flaw
2012-08-06 16:55:00
Directory traversal
2012-08-06 16:55:00
cve
cve
osv
osv
Puppet allows local users to obtain sensitive configuration information
2017-10-24 18:33:37
Puppet vulnerable to Path Traversal
2017-10-24 18:33:37
ubuntucve
ubuntucve
debiancve
debiancve
github
github
Puppet allows local users to obtain sensitive configuration information
2017-10-24 18:33:37
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
2017-10-24 18:33:37
Puppet vulnerable to Path Traversal
2017-10-24 18:33:37
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related for OSV:DSA-2511-1