4 matches found
SUSE CVE-2011-3872
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise PE Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof ...
CVE-2013-2274
Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report...
CVE-2013-2274
Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report...
CVE-2012-1989
CVE-2012-1989 affects Puppet: telnet.rb in Puppet 2.7.x (before 2.7.13) and Puppet Enterprise 1.2.x, 2.0.x, and 2.5.x (before 2.5.1) allows a local user to perform a symlink attack on the NET::Telnet connection log (/tmp/out.log) and overwrite arbitrary files. Root cause: improper handling of tem...