SUSE: Security Advisory (SUSE-SU-2012:0983-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : puppet (openSUSE-SU-2012:0891-1)

puppet was updated to fix various security issues: CVEs fixed : - bnc770828 - CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master - bnc770829 - CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients ...

Fedora Update for puppet FEDORA-2013-4187

Check for the Version of puppet OpenVAS Vulnerability Test Fedora Update for puppet FEDORA-2013-4187 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Fedora Update for puppet FEDORA-2013-4187

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Low: puppet

Issue Overview: Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a...

Fedora Update for puppet FEDORA-2012-10891

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Debian Security Advisory DSA 2511-1 (puppet)

The remote host is missing an update to puppet announced via advisory DSA 2511-1. OpenVAS Vulnerability Test $Id: deb25111.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2511-1 puppet Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Debian: Security Advisory (DSA-2511-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-3867

lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...

DEBIAN-CVE-2012-3867

lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...

CVE-2012-3867

lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...

CVE-2012-3867

CVE-2012-3867 affects Puppet modules where CSR Common Name validation is lax in Puppet before 2.6.17 and in 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2. This allows user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequenc...

CVE-2012-3867

lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...

Fedora Update for puppet FEDORA-2012-10897

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

USN-1506-1: Puppet vulnerabilities

It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet primary server. CVE-2012-3864 It was discovered that Puppet incorrectly handled Delete requests. If a Puppet...

CVE-2012-3867

lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...