CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 1CVE-2012-3866
https://notcve.org/view.php?id=CVE-2012-3866
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. lib/puppet/defaults.rb en Puppet 2.7.x anterior a 2.7.18, y Puppet Enterprise anterior a 2.5.2, emplea permisos del tipo 0644 para last_run_report.yaml, lo que permite a usuarios locales obtener información sensible de la configuración aprovechando el acceso al servidor maestro de Puppet para leer el archivo. • http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3866 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839135 https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 2CVE-2012-3864 – puppet: authenticated clients allowed to read arbitrary files from the puppet master
https://notcve.org/view.php?id=CVE-2012-3864
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. Puppet anterior a v2.6.17 y v2.7.x anterior a v2.7.18 y Puppet Enterprise anterior a v2.5.2, permite a usuarios remotos autenticados a leer ficheros de su elección en el servidor maestro de Puppet aprovechando un certificado de usuario y una clave privada en una petición GET. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3864 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839130 https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4 https://github.com/puppetlabs/puppet/commit/c3c7462e40 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 34EXPL: 2CVE-2012-3865 – puppet: authenticated clients allowed to delete arbitrary files on the puppet master
https://notcve.org/view.php?id=CVE-2012-3865
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. Vulnerabilidad de directorio transversal en lib/puppet/reports/store.rb en Puppet anterior a v2.6.17 y v2.7.x anterior a v2.7.18, y Puppet Enterprise anterior a v2.5.2, cuando Eliminar está habilitado en auth.conf, permite a usuarios remotos autenticados borrar archivos arbitrarios en el servidor maestro de las marionetas a través de un .. (punto punto) en un nombre de nodo. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3865 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839131 https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f https://github.com/puppetlabs/puppet/commit/d80478208d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 47EXPL: 2CVE-2012-3867 – puppet: insufficient validation of agent names in CN of SSL certificate requests
https://notcve.org/view.php?id=CVE-2012-3867
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. lib/puppet/ssl/certificate_authority.rb en Puppet anteriores a v2.6.17 y v2.7.x anteriores a v2.7.18, y Puppet Enterprise anterior a v2.5.2, no restringe de forma adecuada los caracteres en el campo Common Name de una Certificate Signing Request (CSR), lo que facilita a atacantes remotos asistidos por usuarios a engañar a los administradores para firmar un certificado manipulado a través de secuencias de control ANSI. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3867 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839158 https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640 https://github.com/puppetlabs/puppet/commit/f3419620b4 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 38EXPL: 0CVE-2012-1906
https://notcve.org/view.php?id=CVE-2012-1906
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. Puppet v2.6.x anterior a v2.6.15 y v2.7.x anterior a v2.7.13, y Puppet Enterprise (PE) Users v1.0, v1.1, v1.2.x, v2.0.x, y v2.5.x anterior a v2.5.1 utiliza nombres de archivos predecibles al instalar paquetes Mac OS X desde una fuente remota, permitiendo a usuarios locales sobreescribir ficheros arbitrarios o instalar paquetes arbitrarios a través de un ataque de enlace simbólico en un archivo temporal en /tmp. • http://projects.puppetlabs.com/issues/13260 http://puppetlabs.com/security/cve/cve-2012-1906 http://secunia.com/advisories/48743 http://secunia.com/advisories/48748 http://secunia.com/advisories/48789 http://ubuntu.com/usn/usn-1419-1 http://www.debian.org/security/2012/dsa-2451 http://www.securityfocus.com/bid/52975 https://exchange.xforce.ibmcloud.com/vulnerabilities/74793 • CWE-264: Permissions, Privileges, and Access Controls •