Launchpad.net

CVE 2012-3866

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.

Related bugs and status

CVE-2012-3866 (Candidate) is related to these bugs:

Bug #1023931: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})

		In	Importance	Status
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	Gentoo Linux	Low	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Lucid)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Natty)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Quantal)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Oneiric)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Precise)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3866

Related bugs and status

Related bugs

References