CVE-2011-3872

Priority
Description
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise
(PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent
certificate, adds the Puppet master's certdnsnames values to the X.509
Subject Alternative Name field of the certificate, which allows remote
attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack
against an agent that uses an alternate DNS name for the master, aka
"AltNames Vulnerability."
Assigned-to
mdeslaur
Package
Upstream:released (2.7.6)
More Information

Updated: 2019-03-19 12:01:06 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)