CVE Vulnerabilities

CVE-2012-3866

Published: Aug 06, 2012 | Modified: Jul 10, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.

Affected Software

Name Vendor Start Version End Version
Puppet Puppet 2.7.2 2.7.2
Puppet Puppet 2.7.3 2.7.3
Puppet Puppet 2.7.4 2.7.4
Puppet Puppet 2.7.5 2.7.5
Puppet Puppet 2.7.6 2.7.6
Puppet Puppet 2.7.8 2.7.8
Puppet Puppet 2.7.9 2.7.9
Puppet Puppet 2.7.10 2.7.10
Puppet Puppet 2.7.11 2.7.11
Puppet Puppet 2.7.12 2.7.12
Puppet Puppet 2.7.13 2.7.13
Puppet Puppet 2.7.14 2.7.14
Puppet Puppet 2.7.16 2.7.16
Puppet Puppetlabs 2.7.0 2.7.0
Puppet Puppetlabs 2.7.1 2.7.1
Puppet Puppetlabs * 2.7.17
Puppet Ubuntu devel *
Puppet Ubuntu hardy *
Puppet Ubuntu oneiric *
Puppet Ubuntu precise *
Puppet Ubuntu upstream *

References