ubuntu · CVE-2012-1986

Quick triage

Priority: medium Published: 2012-04-11 01:00:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2012-1986 medium priority: Ubuntu including 1 source packages (puppet), 6 status rows across 6 suites (hardy, lucid, maverick, natty, oneiric, upstream): released 3, ignored 2, needs-triage 1.

Description:

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

cvelogic Threat Intelligence