CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 2CVE-2012-3864 – puppet: authenticated clients allowed to read arbitrary files from the puppet master
https://notcve.org/view.php?id=CVE-2012-3864
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. Puppet anterior a v2.6.17 y v2.7.x anterior a v2.7.18 y Puppet Enterprise anterior a v2.5.2, permite a usuarios remotos autenticados a leer ficheros de su elección en el servidor maestro de Puppet aprovechando un certificado de usuario y una clave privada en una petición GET. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3864 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839130 https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4 https://github.com/puppetlabs/puppet/commit/c3c7462e40 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 34EXPL: 2CVE-2012-3865 – puppet: authenticated clients allowed to delete arbitrary files on the puppet master
https://notcve.org/view.php?id=CVE-2012-3865
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. Vulnerabilidad de directorio transversal en lib/puppet/reports/store.rb en Puppet anterior a v2.6.17 y v2.7.x anterior a v2.7.18, y Puppet Enterprise anterior a v2.5.2, cuando Eliminar está habilitado en auth.conf, permite a usuarios remotos autenticados borrar archivos arbitrarios en el servidor maestro de las marionetas a través de un .. (punto punto) en un nombre de nodo. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3865 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839131 https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f https://github.com/puppetlabs/puppet/commit/d80478208d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 47EXPL: 2CVE-2012-3867 – puppet: insufficient validation of agent names in CN of SSL certificate requests
https://notcve.org/view.php?id=CVE-2012-3867
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. lib/puppet/ssl/certificate_authority.rb en Puppet anteriores a v2.6.17 y v2.7.x anteriores a v2.7.18, y Puppet Enterprise anterior a v2.5.2, no restringe de forma adecuada los caracteres en el campo Common Name de una Certificate Signing Request (CSR), lo que facilita a atacantes remotos asistidos por usuarios a engañar a los administradores para firmar un certificado manipulado a través de secuencias de control ANSI. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://puppetlabs.com/security/cve/cve-2012-3867 http://secunia.com/advisories/50014 http://www.debian.org/security/2012/dsa-2511 http://www.ubuntu.com/usn/USN-1506-1 https://bugzilla.redhat.com/show_bug.cgi?id=839158 https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640 https://github.com/puppetlabs/puppet/commit/f3419620b4 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.6EPSS: 0%CPEs: 20EXPL: 0CVE-2012-1989
https://notcve.org/view.php?id=CVE-2012-1989
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). telnet.rb en Puppet v2.7.x antes de v2.7.13 y Puppet Enterprise (PE) v1.2.x, v2.0.x, y v2.5.x antes de v2.5.1, permite a usuarios locales sobreescribir archivos de su elección a través de ataques de enlace simbólico en el registro de conexión NET::Telnet (/tmp/out.log). • http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html http://projects.puppetlabs.com/issues/13606 http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13 http://puppetlabs.com/security/cve/cve-2012-1989 http://secunia.com/advisories/48743 http://secunia.com/advisories/48748 http://secunia.com/advisories/49136 http://ubuntu.com/usn/usn-1419-1 http://www.securityfocus.com/bid/52975 https://exchange.xforce.ibmcloud.com/vulnerabilities/74797 https://herme • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 38EXPL: 0CVE-2012-1906
https://notcve.org/view.php?id=CVE-2012-1906
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. Puppet v2.6.x anterior a v2.6.15 y v2.7.x anterior a v2.7.13, y Puppet Enterprise (PE) Users v1.0, v1.1, v1.2.x, v2.0.x, y v2.5.x anterior a v2.5.1 utiliza nombres de archivos predecibles al instalar paquetes Mac OS X desde una fuente remota, permitiendo a usuarios locales sobreescribir ficheros arbitrarios o instalar paquetes arbitrarios a través de un ataque de enlace simbólico en un archivo temporal en /tmp. • http://projects.puppetlabs.com/issues/13260 http://puppetlabs.com/security/cve/cve-2012-1906 http://secunia.com/advisories/48743 http://secunia.com/advisories/48748 http://secunia.com/advisories/48789 http://ubuntu.com/usn/usn-1419-1 http://www.debian.org/security/2012/dsa-2451 http://www.securityfocus.com/bid/52975 https://exchange.xforce.ibmcloud.com/vulnerabilities/74793 • CWE-264: Permissions, Privileges, and Access Controls •