Launchpad.net

CVE 2012-3864

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

Related bugs and status

CVE-2012-3864 (Candidate) is related to these bugs:

Bug #1023931: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})

		In	Importance	Status
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	Gentoo Linux	Low	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Lucid)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Natty)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Quantal)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Oneiric)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Precise)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3864

Related bugs and status

Related bugs

References