CVSS: 3.5EPSS: 0%CPEs: 34EXPL: 2CVE-2012-3865 – puppet: authenticated clients allowed to delete arbitrary files on the puppet master
https://notcve.org/view.php?id=CVE-2012-3865
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. Vulnerabilidad de directorio transversal en lib/puppet/reports/store.rb en Puppet anterior a v2.6.17 y v2.7.x anterior a v2.7.18, y Puppet Enterprise anterior a v2.5.2, cuando Eliminar está habilitado en auth.conf, permite a usuarios remotos autenticados borrar archivos arbitrarios en el servidor maestro de las marionetas a través de un .. (punto punto) en un nombre de nodo. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3865 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839131 https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f https://github.com/puppetlabs/puppet/commit/d80478208d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 47EXPL: 2CVE-2012-3867 – puppet: insufficient validation of agent names in CN of SSL certificate requests
https://notcve.org/view.php?id=CVE-2012-3867
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. lib/puppet/ssl/certificate_authority.rb en Puppet anteriores a v2.6.17 y v2.7.x anteriores a v2.7.18, y Puppet Enterprise anterior a v2.5.2, no restringe de forma adecuada los caracteres en el campo Common Name de una Certificate Signing Request (CSR), lo que facilita a atacantes remotos asistidos por usuarios a engañar a los administradores para firmar un certificado manipulado a través de secuencias de control ANSI. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3867 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839158 https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640 https://github.com/puppetlabs/puppet/commit/f3419620b4 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.3EPSS: 0%CPEs: 23EXPL: 0CVE-2011-3869
https://notcve.org/view.php?id=CVE-2011-3869
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. Puppet v2.7.x anterior a v2.7.5, v2.6.x anterior a v2.6.11, y v0.25.x permite a usuarios locales sobreescribir ficheros arbitrarios mediante un enlace simbólico sobre el fichero .k5login. • http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html http://secunia.com/advisories/46458 http://www.debian.org/security/2011/dsa-2314 http://www.ubuntu.com/usn/USN-1223-1 http://www.ubuntu.com/usn/USN-1223-2 https:&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.3EPSS: 0%CPEs: 23EXPL: 0CVE-2011-3870
https://notcve.org/view.php?id=CVE-2011-3870
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. Puppet v2.7.x antes de v2.7.5, v2.6.x antes de v2.6.11, y v0.25.x, permite a usuarios locales modificar los permisos de archivos de su elección a través de un ataque symlink al archivo authorized_keys de SSH • http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html http://secunia.com/advisories/46458 http://www.debian.org/security/2011/dsa-2314 http://www.ubuntu.com/usn/USN-1223-1 http://www.ubuntu.com/usn/USN-1223-2 https:&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.2EPSS: 0%CPEs: 23EXPL: 0CVE-2011-3871
https://notcve.org/view.php?id=CVE-2011-3871
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Puppet v2.7.x anterior a v2.7.5, v2.6.x anterior a v2.6.11, y v0.25.x, cuando se ejecuta el modo --edit, usa un nombre de fichero predecible, permitiendo a usuarios locales ejecutar código Puppet arbitrario o engañando a un usuario a editar ficheros arbitarios • http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html http://secunia.com/advisories/46458 http://www.debian.org/security/2011/dsa-2314 http://www.ubuntu.com/usn/USN-1223-1 http://www.ubuntu.com/usn/USN-1223-2 https:&#x • CWE-264: Permissions, Privileges, and Access Controls •