PT-2012-5048 · Puppet+1 · Puppet+2
Publicado
2012-08-06
·
Atualizado
2019-07-10
·
CVE-2012-3865
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Puppet versions prior to 2.6.17
Puppet versions 2.7.x prior to 2.7.18
Puppet Enterprise versions prior to 2.5.2
Description
A directory traversal issue allows remote authenticated users to delete arbitrary files on the puppet master server. This is achieved by using a .. (dot dot) in a node name when Delete is enabled in auth.conf. The issue is related to the lib/puppet/reports/store.rb file.
Recommendations
For Puppet versions prior to 2.6.17, update to version 2.6.17 or later.
For Puppet versions 2.7.x prior to 2.7.18, update to version 2.7.18 or later.
For Puppet Enterprise versions prior to 2.5.2, update to version 2.5.2 or later.
As a temporary workaround, consider disabling the Delete option in auth.conf until a patch is available.
Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Puppet
Puppet Enterprise
Suse