CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.
References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
http://projects.puppetlabs.com/issues/13511
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
http://puppetlabs.com/security/cve/cve-2012-1986/ Vendor Advisory
http://secunia.com/advisories/48743 Vendor Advisory
http://secunia.com/advisories/48748 Vendor Advisory
http://secunia.com/advisories/48789 Vendor Advisory
http://secunia.com/advisories/49136 Vendor Advisory
http://ubuntu.com/usn/usn-1419-1
http://www.debian.org/security/2012/dsa-2451
http://www.securityfocus.com/bid/52975
https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
https://hermes.opensuse.org/messages/14523305
https://hermes.opensuse.org/messages/15087408
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
http://projects.puppetlabs.com/issues/13511
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
http://puppetlabs.com/security/cve/cve-2012-1986/ Vendor Advisory
http://secunia.com/advisories/48743 Vendor Advisory
http://secunia.com/advisories/48748 Vendor Advisory
http://secunia.com/advisories/48789 Vendor Advisory
http://secunia.com/advisories/49136 Vendor Advisory
http://ubuntu.com/usn/usn-1419-1
http://www.debian.org/security/2012/dsa-2451
http://www.securityfocus.com/bid/52975
https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
https://hermes.opensuse.org/messages/14523305
https://hermes.opensuse.org/messages/15087408
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:38

Type Values Removed Values Added
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html -
References () http://projects.puppetlabs.com/issues/13511 - () http://projects.puppetlabs.com/issues/13511 -
References () http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15 - () http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15 -
References () http://puppetlabs.com/security/cve/cve-2012-1986/ - Vendor Advisory () http://puppetlabs.com/security/cve/cve-2012-1986/ - Vendor Advisory
References () http://secunia.com/advisories/48743 - Vendor Advisory () http://secunia.com/advisories/48743 - Vendor Advisory
References () http://secunia.com/advisories/48748 - Vendor Advisory () http://secunia.com/advisories/48748 - Vendor Advisory
References () http://secunia.com/advisories/48789 - Vendor Advisory () http://secunia.com/advisories/48789 - Vendor Advisory
References () http://secunia.com/advisories/49136 - Vendor Advisory () http://secunia.com/advisories/49136 - Vendor Advisory
References () http://ubuntu.com/usn/usn-1419-1 - () http://ubuntu.com/usn/usn-1419-1 -
References () http://www.debian.org/security/2012/dsa-2451 - () http://www.debian.org/security/2012/dsa-2451 -
References () http://www.securityfocus.com/bid/52975 - () http://www.securityfocus.com/bid/52975 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/74794 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/74794 -
References () https://hermes.opensuse.org/messages/14523305 - () https://hermes.opensuse.org/messages/14523305 -
References () https://hermes.opensuse.org/messages/15087408 - () https://hermes.opensuse.org/messages/15087408 -

Information

Published : 2012-05-29 20:55

Updated : 2024-11-21 01:38


NVD link : CVE-2012-1986

Mitre link : CVE-2012-1986

CVE.ORG link : CVE-2012-1986


JSON object : View

Products Affected

puppet

  • puppet_enterprise
  • puppet

puppetlabs

  • puppet
  • puppet_enterprise_users
CWE
CWE-264

Permissions, Privileges, and Access Controls