CVE-2012-3866

Publication date 12 July 2012

Last updated 24 July 2024


Ubuntu priority

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.

Read the notes from the security team

Status

Package Ubuntu Release Status
puppet 12.04 LTS precise
Fixed 2.7.11-1ubuntu2.1
11.10 oneiric
Fixed 2.7.1-1ubuntu3.7
11.04 natty
Not affected
10.04 LTS lucid
Not affected
8.04 LTS hardy Ignored end of life

Notes


mdeslaur

only affects 2.7.x

References

Related Ubuntu Security Notices (USN)

Other references