2.1

CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PuppetPuppet Version2.6.0
PuppetPuppet Version2.6.1
PuppetPuppet Version2.6.2
PuppetPuppet Version2.6.3
PuppetPuppet Version2.6.4
PuppetPuppet Version2.6.5
PuppetPuppet Version2.6.6
PuppetPuppet Version2.6.7
PuppetPuppet Version2.6.8
PuppetPuppet Version2.6.9
PuppetPuppet Version2.6.10
PuppetPuppet Version2.6.11
PuppetPuppet Version2.6.12
PuppetPuppet Version2.6.13
PuppetPuppet Version2.6.14
PuppetPuppet Version2.7.2
PuppetPuppet Version2.7.3
PuppetPuppet Version2.7.4
PuppetPuppet Version2.7.5
PuppetPuppet Version2.7.6
PuppetPuppet Version2.7.7
PuppetPuppet Version2.7.8
PuppetPuppet Version2.7.9
PuppetPuppet Version2.7.10
PuppetPuppet Version2.7.11
PuppetPuppet Enterprise Version2.5.0
PuppetlabsPuppet Version2.7.0
PuppetlabsPuppet Version2.7.1
PuppetPuppet Enterprise Version1.2.0
PuppetPuppet Enterprise Version1.2.1
PuppetPuppet Enterprise Version1.2.2
PuppetPuppet Enterprise Version1.2.3
PuppetPuppet Enterprise Version1.2.4
PuppetPuppet Enterprise Version2.0.0
PuppetPuppet Enterprise Version2.0.1
PuppetPuppet Enterprise Version2.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.47% 0.703
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:N/AC:H/Au:S/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://hermes.opensuse.org/messages/15087408
http://secunia.com/advisories/48743
Vendor Advisory
http://secunia.com/advisories/48748
Vendor Advisory
http://secunia.com/advisories/48789
Vendor Advisory
http://ubuntu.com/usn/usn-1419-1
http://www.debian.org/security/2012/dsa-2451
http://www.securityfocus.com/bid/52975
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
http://projects.puppetlabs.com/issues/13511
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
http://puppetlabs.com/security/cve/cve-2012-1986/
Vendor Advisory
http://secunia.com/advisories/49136
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
https://hermes.opensuse.org/messages/14523305