CVE-2012-1988 (retired)

Priority
Description
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise
(PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote
authenticated users with agent SSL keys and file-creation permissions on
the puppet master to execute arbitrary commands by creating a file whose
full pathname contains shell metacharacters, then performing a filebucket
request.
Package
Upstream:needs-triage
More Information

Updated: 2019-03-26 12:01:40 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)