CVE-2012-3864

NONECVSS 0.0

0.0

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

🔗 References (18)

cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
cve@mitrehttp://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
cve@mitrehttp://puppetlabs.com/security/cve/cve-2012-3864/
cve@mitrehttp://secunia.com/advisories/50014
cve@mitrehttp://www.debian.org/security/2012/dsa-2511
cve@mitrehttp://www.ubuntu.com/usn/USN-1506-1
cve@mitrehttps://bugzilla.redhat.com/show_bug.cgi?id=839130
cve@mitrehttps://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4
cve@mitrehttps://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
af854a3a-2127-422b-91ae-364da2661108http://puppetlabs.com/security/cve/cve-2012-3864/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50014
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2511
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1506-1

Is Your Infrastructure Affected by CVE-2012-3864?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-3864

📅 Published

🔄 Last Modified

🔗 References (18)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-3864?