CVE-2013-1652 – Puppet: HTTP GET request catalog retrieval
https://notcve.org/view.php?id=CVE-2013-1652
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors. Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21, y v3.1.x anterior a v3.1.1, y Puppet Enterprise anterior a v1.2.7 y v2.7.x anterior a v2.7.2 permite a usuarios remotos autenticados con un certificado válido y una clave privada leer catalogs arbitrarios o envenenar la caché del maestro a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://rhn.redhat.com/errata/RHSA-2013-0710.html http://secunia.com/advisories/52596 http://ubuntu.com/usn/usn-1759-1 http://www.debian.org/security/2013/dsa-2643 http://www.securityfocus.com/bid/58443 https://puppetlabs.com/security/cve/cve-2013-1652 https://access.redhat.com/security/cve/CVE-2013-1652 https://bugzilla.redhat.com& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3408
https://notcve.org/view.php?id=CVE-2012-3408
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. lib/puppet/network/authstore.rb en Puppet anterior a v2.7.18, y Puppet Enterprise anterior a v2.5.2, compatible con el uso de direcciones IP en certnames sin previo aviso de los riesgos potenciales, podrían permitir a atacantes remotos falsificar un agente mediante la adquisición de una dirección IP previamente utilizada. • http://puppetlabs.com/security/cve/cve-2012-3408 https://bugzilla.redhat.com/show_bug.cgi?id=839166 https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd • CWE-287: Improper Authentication •
CVE-2012-3865 – puppet: authenticated clients allowed to delete arbitrary files on the puppet master
https://notcve.org/view.php?id=CVE-2012-3865
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. Vulnerabilidad de directorio transversal en lib/puppet/reports/store.rb en Puppet anterior a v2.6.17 y v2.7.x anterior a v2.7.18, y Puppet Enterprise anterior a v2.5.2, cuando Eliminar está habilitado en auth.conf, permite a usuarios remotos autenticados borrar archivos arbitrarios en el servidor maestro de las marionetas a través de un .. (punto punto) en un nombre de nodo. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3865 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839131 https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f https://github.com/puppetlabs/puppet/commit/d80478208d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2012-3864 – puppet: authenticated clients allowed to read arbitrary files from the puppet master
https://notcve.org/view.php?id=CVE-2012-3864
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. Puppet anterior a v2.6.17 y v2.7.x anterior a v2.7.18 y Puppet Enterprise anterior a v2.5.2, permite a usuarios remotos autenticados a leer ficheros de su elección en el servidor maestro de Puppet aprovechando un certificado de usuario y una clave privada en una petición GET. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3864 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839130 https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4 https://github.com/puppetlabs/puppet/commit/c3c7462e40 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-3867 – puppet: insufficient validation of agent names in CN of SSL certificate requests
https://notcve.org/view.php?id=CVE-2012-3867
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. lib/puppet/ssl/certificate_authority.rb en Puppet anteriores a v2.6.17 y v2.7.x anteriores a v2.7.18, y Puppet Enterprise anterior a v2.5.2, no restringe de forma adecuada los caracteres en el campo Common Name de una Certificate Signing Request (CSR), lo que facilita a atacantes remotos asistidos por usuarios a engañar a los administradores para firmar un certificado manipulado a través de secuencias de control ANSI. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3867 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839158 https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640 https://github.com/puppetlabs/puppet/commit/f3419620b4 • CWE-264: Permissions, Privileges, and Access Controls •