CVE-2012-3867 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3867):
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x
before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly
restrict the characters in the Common Name field of a Certificate Signing
Request (CSR), which makes it easier for user-assisted remote attackers to
trick administrators into signing a crafted agent certificate via ANSI
control sequences.
CVE-2012-3866 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3866):
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise
before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows
local users to obtain sensitive configuration information by leveraging
access to the puppet master server to read this file.
CVE-2012-3865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3865):
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet
before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2,
when Delete is enabled in auth.conf, allows remote authenticated users to
delete arbitrary files on the puppet master server via a .. (dot dot) in a
node name.
CVE-2012-3864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3864):
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before
2.5.2, allows remote authenticated users to read arbitrary files on the
puppet master server by leveraging an arbitrary user's certificate and
private key in a GET request.
CVE-2012-3867 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2012- 3867): ssl/certificate _authority. rb in Puppet before 2.6.17 and 2.7.x
lib/puppet/
before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly
restrict the characters in the Common Name field of a Certificate Signing
Request (CSR), which makes it easier for user-assisted remote attackers to
trick administrators into signing a crafted agent certificate via ANSI
control sequences.
CVE-2012-3866 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2012- 3866): defaults. rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise report. yaml, which allows
lib/puppet/
before 2.5.2, uses 0644 permissions for last_run_
local users to obtain sensitive configuration information by leveraging
access to the puppet master server to read this file.
CVE-2012-3865 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2012- 3865): reports/ store.rb in Puppet
Directory traversal vulnerability in lib/puppet/
before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2,
when Delete is enabled in auth.conf, allows remote authenticated users to
delete arbitrary files on the puppet master server via a .. (dot dot) in a
node name.
CVE-2012-3864 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2012- 3864):
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before
2.5.2, allows remote authenticated users to read arbitrary files on the
puppet master server by leveraging an arbitrary user's certificate and
private key in a GET request.