CVE-2011-3872: Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the…

low2.6CVSS 3.1

AVNACHAuNCNIPAN

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	puppet	< puppet 2.7.6-1 (bullseye)	puppet 2.7.6-1 (bullseye)
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	>= 0 < 2.7.6-1	2.7.6-1
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppetlabs	puppet	—	—
puppetlabs	puppet	—	—
puppetlabs	puppet_enterprise_users	—	—

CVSS provenance

nvd2.6LOWAV:N/AC:H/Au:N/C:N/I:P/A:N

osv2.6LOW