CVE-2012-1988

Priority
Description
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise
(PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote
authenticated users with agent SSL keys and file-creation permissions on
the puppet master to execute arbitrary commands by creating a file whose
full pathname contains shell metacharacters, then performing a filebucket
request.
Notes
Package
Upstream:needs-triage
More Information

Updated: 2019-12-05 20:59:07 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)