CVE-2012-1986 (Arbitrary File Read Access)
A bug in Puppet gives unexpected and improper access to files on the puppet master.
When issuing a REST request for a file from a remote filebucket, it is possible to override the puppet master’s defined location for filebucket storage. A user with an authorized SSL key and the ability to construct directories and symlinks on the puppet master can thus read any file that the puppet master’s user account has access to.
- Resolved in Puppet 2.6.15 (source), 2.7.13 (source), rpm, deb
- Resolved in Puppet Enterprise 1.2.5 and 2.5.1
- Hotfixes available for Puppet Enterprise 1.0, 1.1, 1.2.x, and 2.0.x