CVE-2012-3864

2012-07-1200:00:00

ubuntu.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.5%

JSON

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before
2.5.2, allows remote authenticated users to read arbitrary files on the
puppet master server by leveraging an arbitrary user’s certificate and
private key in a GET request.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchpuppet< 0.25.4-2ubuntu6.8UNKNOWN
ubuntu11.04noarchpuppet< 2.6.4-2ubuntu2.10UNKNOWN
ubuntu11.10noarchpuppet< 2.7.1-1ubuntu3.7UNKNOWN
ubuntu12.04noarchpuppet< 2.7.11-1ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	puppet	< 0.25.4-2ubuntu6.8	UNKNOWN
ubuntu	11.04	noarch	puppet	< 2.6.4-2ubuntu2.10	UNKNOWN
ubuntu	11.10	noarch	puppet	< 2.7.1-1ubuntu3.7	UNKNOWN
ubuntu	12.04	noarch	puppet	< 2.7.11-1ubuntu2.1	UNKNOWN