2 matches found
[DLA 29-1] puppet security update
Package : puppet Version : 2.6.2-5+squeeze10 CVE ID : CVE-2012-6120 It was discovered that the puppet package did not restrict the permissions and ownership of the /var/log/puppet directory, which may expose sensitive information...
CVE-2012-6120
CVE-2012-6120 concerns Puppet: Red Hat OpenStack Essex/Folsom created /var/log/puppet with world-readable permissions, enabling local users to access Puppet log files. The Debian DLA-29-1 advisory reiterates the same issue for the Debian puppet package. Affected component: Puppet log directory ha...