11 matches found
openSUSE Security Update : puppet (openSUSE-SU-2012:0891-1)
puppet was updated to fix various security issues: CVEs fixed : - bnc770828 - CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master - bnc770829 - CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients ...
Fedora Update for puppet FEDORA-2013-4187
Check for the Version of puppet OpenVAS Vulnerability Test Fedora Update for puppet FEDORA-2013-4187 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for puppet FEDORA-2013-4187
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Low: puppet
Issue Overview: Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a...
Fedora Update for puppet FEDORA-2012-10891
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian Security Advisory DSA 2511-1 (puppet)
The remote host is missing an update to puppet announced via advisory DSA 2511-1. OpenVAS Vulnerability Test $Id: deb25111.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2511-1 puppet Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Debian: Security Advisory (DSA-2511-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-3866
Puppet 2.7.x before 2.7.18 and Puppet Enterprise before 2.5.2 fix a local information-disclosure issue: last_run_report.yaml is created with 0644 permissions, allowing local users with puppet-master access to read sensitive configuration. The vulnerability is limited to local access; no exploitat...
CVE-2012-3866
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...
Fedora Update for puppet FEDORA-2012-10897
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
USN-1506-1: Puppet vulnerabilities
It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet primary server. CVE-2012-3864 It was discovered that Puppet incorrectly handled Delete requests. If a Puppet...