PT-2013-1225 · Red Hat+1 · Red Hat Openstack+1
Published: 2013-04-10 · Updated: 2013-08-23
CVE-2012-6120
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Red Hat OpenStack versions Essex and Folsom
Puppet versions prior to 2.7.23
Description
The issue allows local users to obtain sensitive information, such as Puppet log files, due to the world-readable permissions of the /var/log/puppet directory. Additionally, multiple vulnerabilities in the Puppet package can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely by an authenticated attacker.
Recommendations
For Red Hat OpenStack versions Essex and Folsom, consider changing the permissions of the /var/log/puppet directory to restrict access to sensitive information.
For Puppet versions prior to 2.7.23, update to version 2.7.23 or later to resolve the vulnerabilities.
Affected Products
Puppet
Red Hat Openstack