CVE

Id
57107  
CVE No.
CVE-2012-3864  
Status
Candidate  
Description
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user"s certificate and private key in a GET request.  
Phase
Assigned (20120706)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
590388 57107 CVE-2012-3864 CONFIRM:http://puppetlabs.com/security/cve/cve-2012-3864/  View
590389 57107 CVE-2012-3864 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=839130  View
590390 57107 CVE-2012-3864 CONFIRM:https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4  View
590391 57107 CVE-2012-3864 CONFIRM:https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87  View
590392 57107 CVE-2012-3864 DEBIAN:DSA-2511  View
590393 57107 CVE-2012-3864 URL:http://www.debian.org/security/2012/dsa-2511  View
590394 57107 CVE-2012-3864 SUSE:SUSE-SU-2012:0983  View
590395 57107 CVE-2012-3864 URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html  View
590396 57107 CVE-2012-3864 SUSE:openSUSE-SU-2012:0891  View
590397 57107 CVE-2012-3864 URL:http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html  View
590398 57107 CVE-2012-3864 UBUNTU:USN-1506-1  View
590399 57107 CVE-2012-3864 URL:http://www.ubuntu.com/usn/USN-1506-1  View
590400 57107 CVE-2012-3864 SECUNIA:50014  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
27874 JVNDB-2012-003581 REDAXO におけるクロスサイトスクリプティングの脆弱性 REDAXO の include/classes/class.rex_list.inc.php には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2012-3869 57107 4.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003581.html  View