Lucene search

K

PRIOn knowledge basePRION:CVE-2012-3864

HistoryAug 06, 2012 - 4:55 p.m.

Cross site request forgery (csrf)

2012-08-0616:55:00

PRIOn knowledge base

www.prio-n.com

7

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.2%

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user’s certificate and private key in a GET request.

CPENameOperatorVersion
puppeteq2.6.0
puppeteq2.6.1
puppeteq2.6.2
puppeteq2.6.3
puppeteq2.6.4
puppeteq2.6.5
puppeteq2.6.6
puppeteq2.6.7
puppeteq2.6.8
puppeteq2.6.9

Rows per page:

1-10 of 351

References

lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html

lists.opensuse.org/opensuse-updates/2012-07/msg00036.html

puppetlabs.com/security/cve/cve-2012-3864/

secunia.com/advisories/50014

www.debian.org/security/2012/dsa-2511

www.ubuntu.com/usn/USN-1506-1

bugzilla.redhat.com/show_bug.cgi?id=839130

github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4

github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.2%

Related for PRION:CVE-2012-3864

debiancve1 cve1 ubuntucve1 suse1 openvas14 freebsd2 nessus9 debian1 amazon1 securityvulns2 osv1 ubuntu1 fedora3