3 matches found
puppet: Arbitrary catalog retrieval
A flaw was found in Puppet, where changes in the application lead to node declarations having increased access. An attacker can use this flaw to modify run facts and to retrieve different nodes of information when the stricthostnamechecking is false, and the node's catalog falls back to the defau...
FreeBSD : puppet6 -- Arbitrary Catalog Retrieval (77687355-52aa-11ea-b115-643150d3111d)
Puppetlabs reports : Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog c...
puppet6 -- Arbitrary Catalog Retrieval
Puppetlabs reports: Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog ca...