CVE-2012-1986
published 2012-05-29

low 2.1 (CVSS 3.1)
AV:N/AC:H/Au:S/C:P/I:N/A:N
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

Affected

45 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | < puppet 2.7.13-1 (bullseye) | puppet 2.7.13-1 (bullseye) |
| puppet | puppet | | |

CVSS provenance

nvd: 3.5 LOW, AV:N/AC:M/Au:S/C:N/I:N/A:P
ghsa: 2.1 LOW
osv: 2.1 LOW