CVE-2012-1986

NONECVSS 0.0

0.0

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

🔗 References (32)

cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
cve@mitrehttp://projects.puppetlabs.com/issues/13511
cve@mitrehttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
cve@mitrehttp://puppetlabs.com/security/cve/cve-2012-1986/
cve@mitrehttp://secunia.com/advisories/48743
cve@mitrehttp://secunia.com/advisories/48748
cve@mitrehttp://secunia.com/advisories/48789
cve@mitrehttp://secunia.com/advisories/49136
cve@mitrehttp://ubuntu.com/usn/usn-1419-1
cve@mitrehttp://www.debian.org/security/2012/dsa-2451
cve@mitrehttp://www.securityfocus.com/bid/52975
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/74794
cve@mitrehttps://hermes.opensuse.org/messages/14523305

Is Your Infrastructure Affected by CVE-2012-1986?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-1986

📅 Published

🔄 Last Modified

🔗 References (32)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-1986?