CVE-2012-1986 (retired)

Priority
Description
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise
(PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote
authenticated users with an authorized SSL key and certain permissions on
the puppet master to read arbitrary files via a symlink attack in
conjunction with a crafted REST request for a file in a filebucket.
Package
Upstream:needs-triage
More Information

Updated: 2019-03-26 12:01:39 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)