CVSS 3 Base Score: Posted On: August 6, 2012Assessed Risk Level: NoneA bug in Puppet leaves last_run_report.yaml world readable. The most recent Puppet run report is stored on the Puppet master with world-readable permissions. The report file contains the context diffs of any changes to configuration on an agent, which may contain sensitive information that an attacker can then access. The last run report is overwritten with every Puppet run. Note: This only affects the 2.7 series of Puppet. Status:Affected software versions:Resolved in:Resolved in Puppet 2.7.18 (source), rpm, deb, dmg, windowsResolved in Puppet Enterprise 2.5.2Hotfixes available for Puppet Enterprise 2.0.xHotfixeshttp://puppetlabs.com/security/cve/cve-2012-3866/hotfixes/← Back to CVE Listings