CVE Database

CVE-2012-3866

Impact: Low
Public: 2012-07-10
Bugzilla: 839135: CVE-2012-3866 puppet: information leak via world readable last_run_report.yaml

Details

The MITRE CVE dictionary describes this issue as:

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.

Find out more about CVE-2012-3866 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score: 1.2
Base Metrics: AV:L/AC:H/Au:S/C:P/I:N/A:N
Access Vector: Local
Access Complexity: High
Authentication: Single Instance
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date

External References

http://puppetlabs.com/security/cve/cve-2012-3866/

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.