Scaner-VS
CVE-2012-1986
DEB
Low


CVSS: 3.6 (Low)
EPSS: 0.01 (p70)
Published: 2012-01-01
Updated: 2012-01-01
Description

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

Tags · CWE: CWE-264
Affected products: Puppet
CVSS vector: AV:N/AC:H/Au:S/C:P/I:N/A:P

Timeline
Published: 2012-01-01
Updated: 2012-01-01

CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Authentication (Au): Single (S)
Confidentiality Impact (C): Partial (P)
Integrity Impact (I): None (N)
Availability Impact (A): Partial (P)

Exploit indicators
EPSS: 0.015 · p70
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.

Affected products
Product                       Vendor    Status
converge-ui-devel                       Tracked
puppet                                  Tracked
puppet                                  Tracked
puppet                                  Tracked
rubygem-actionpack                      Tracked
rubygem-activerecord                    Tracked
rubygem-activesupport                   Tracked
rubygem-chunky_png                      Tracked
rubygem-compass                         Tracked
rubygem-compass-960-plugin              Tracked
rubygem-delayed_job                     Tracked
rubygem-ldap_fluff                      Tracked
rubygem-mail                            Tracked
rubygem-net-ldap                        Tracked
puppet*                                 Tracked
puppet*                                 Tracked
puppet_enterprise*                      Tracked
puppet_enterprise*                      Tracked
puppet_enterprise_users*                Tracked

Source databases: DEB, CVE, RED, UBU