Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-05-29T20:00:00

Updated: 2024-08-06T19:17:27.716Z

Reserved: 2012-04-02T00:00:00

Link: CVE-2012-1988

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-05-29T20:55:08.243

Modified: 2024-11-21T01:38:14.737

Link: CVE-2012-1988

cve-icon Redhat

Severity : Moderate

Publid Date: 2012-04-10T00:00:00Z

Links: CVE-2012-1988 - Bugzilla