PT-2012-5048 · Puppet+1 · Puppet+2
Published
2012-08-06
·
Updated
2019-07-10
·
CVE-2012-3865
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Puppet versions prior to 2.6.17
Puppet versions 2.7.x prior to 2.7.18
Puppet Enterprise versions prior to 2.5.2
Description
A directory traversal issue allows remote authenticated users to delete arbitrary files on the puppet master server. This is achieved by using a .. (dot dot) in a node name when Delete is enabled in auth.conf. The issue is related to the lib/puppet/reports/store.rb file.
Recommendations
For Puppet versions prior to 2.6.17, update to version 2.6.17 or later.
For Puppet versions 2.7.x prior to 2.7.18, update to version 2.7.18 or later.
For Puppet Enterprise versions prior to 2.5.2, update to version 2.5.2 or later.
As a temporary workaround, consider disabling the Delete option in auth.conf until a patch is available.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Puppet
Puppet Enterprise
Suse