Lucene search
Ubuntu.comUB:CVE-2012-3866HistoryJul 12, 2012 - 12:00 a.m.
CVE-2012-3866
2012-07-1200:00:00
ubuntu.com
ubuntu.com
8
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise
before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows
local users to obtain sensitive configuration information by leveraging
access to the puppet master server to read this file.
Notes
| Author | Note |
|---|---|
| mdeslaur | only affects 2.7.x |
Related
prion
prion
Design/Logic Flaw
2012-08-06 16:55:00
cve
cve
CVE-2012-3866
2012-08-06 16:55:00
osv
osv
Puppet allows local users to obtain sensitive configuration information
2017-10-24 18:33:37
puppet - several
2012-07-12 00:00:00
github
github
Puppet allows local users to obtain sensitive configuration information
2017-10-24 18:33:37
debiancve
debiancve
CVE-2012-3866
2012-08-06 16:55:00
nessus
nessus
openSUSE Security Update : puppet (openSUSE-SU-2012:0891-1)
2014-06-13 00:00:00
Amazon Linux AMI : puppet (ALAS-2012-135)
2013-09-04 00:00:00
openvas
openvas
Ubuntu Update for puppet USN-1506-1
2012-07-16 00:00:00
FreeBSD Ports: puppet
2012-08-10 00:00:00
Debian Security Advisory DSA 2511-1 (puppet)
2012-08-10 00:00:00
securityvulns
securityvulns
[USN-1506-1] Puppet vulnerabilities
2012-07-16 00:00:00
freebsd
freebsd
puppet -- multiple vulnerabilities
2012-07-05 00:00:00
amazon
amazon
Low: puppet
2012-10-15 12:29:00
debian
debian
[SECURITY] [DSA 2511-1] puppet security update
2012-07-12 18:55:52
ubuntu
ubuntu
Puppet vulnerabilities
2012-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: puppet-2.7.18-1.fc17
2012-07-28 01:20:31
[SECURITY] Fedora 16 Update: puppet-2.6.17-2.fc16
2012-07-28 01:17:34
[SECURITY] Fedora 17 Update: puppet-2.7.21-2.fc17
2013-03-30 21:31:30
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
Related for UB:CVE-2012-3866