CVE-2012-3866
Publication date 12 July 2012
Last updated 24 July 2024
Ubuntu priority
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
Status
Package | Ubuntu Release | Status |
---|---|---|
puppet | 12.04 LTS precise |
Fixed 2.7.11-1ubuntu2.1
|
11.10 oneiric |
Fixed 2.7.1-1ubuntu3.7
|
|
11.04 natty |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Ignored end of life |
Notes
References
Related Ubuntu Security Notices (USN)
- USN-1506-1
- Puppet vulnerabilities
- 12 July 2012