CVSS 3 Base Score:

Posted On:
August 6, 2012

Assessed Risk Level:
None

A bug in Puppet leaves last_run_report.yaml world readable.

The most recent Puppet run report is stored on the Puppet master with world-readable permissions. The report file contains the context diffs of any changes to configuration on an agent, which may contain sensitive information that an attacker can then access. The last run report is overwritten with every Puppet run. Note: This only affects the 2.7 series of Puppet.

Status:

Affected software versions:Resolved in:

Resolved in Puppet 2.7.18 (source), rpm, deb, dmg, windows
Resolved in Puppet Enterprise 2.5.2
Hotfixes available for Puppet Enterprise 2.0.x

Hotfixes

http://puppetlabs.com/security/cve/cve-2012-3866/hotfixes/

← Back to CVE Listings

Achieving Zero Trust Security with Puppet Enterprise

Achieving Zero Trust Security with Puppet Enterprise

CVE-2012-3866 (last_run_report.yaml is world readable)

CVSS 3 Base Score:

Posted On:
August 6, 2012

Assessed Risk Level:
None

A bug in Puppet leaves last_run_report.yaml world readable.

Status:

Hotfixes

Get Started

Puppet Enterprise

Puppet Enterprise Extensions

CVE-2012-3866 (last_run_report.yaml is world readable)

CVSS 3 Base Score:

Posted On: August 6, 2012

Assessed Risk Level: None

A bug in Puppet leaves last_run_report.yaml world readable.

Status:

Hotfixes

Posted On:
August 6, 2012

Assessed Risk Level:
None