SUSE CVE-2011-3848

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request CSR to arbitrary locations via 1 a double-encoded key parameter in the URI in 2.7.x, 2 the CN in the Subject of a CSR in 2.6 and 0.25...

PT-2012-1143 · Puppet +1 · Puppet Enterprise (Pe) Users +2

Name of the Vulnerable Software and Affected Versions: Puppet versions 2.6.x through 2.6.14 Puppet versions 2.7.x through 2.7.12 Puppet Enterprise PE Users versions 1.0 through 1.2.x Puppet Enterprise PE Users versions 2.0.x through 2.5.0 Description: The issue allows remote authenticated users...