CVE-2011-3872

Priority
Description
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise
(PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent
certificate, adds the Puppet master's certdnsnames values to the X.509
Subject Alternative Name field of the certificate, which allows remote
attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack
against an agent that uses an alternate DNS name for the master, aka
"AltNames Vulnerability."
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.7.6)
More Information

Updated: 2020-03-18 22:07:36 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)