CVE-2012-3864 - Vulnerability Details

Vendors	Products
Cloudforms Cloudengine	1
Puppet	Puppet Puppet Enterprise
Puppetlabs	Puppet

Package	CPE	Advisory	Released Date
CloudForms for RHEL 6
converge-ui-devel-0:1.0.4-1.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
puppet-0:2.6.17-2.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-actionpack-1:3.0.10-10.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-activerecord-1:3.0.10-6.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-activesupport-1:3.0.10-4.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-chunky_png-0:1.2.0-3.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-compass-0:0.11.5-2.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-compass-960-plugin-0:0.10.4-2.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-delayed_job-0:2.1.4-2.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-ldap_fluff-0:0.1.3-1.el6_3	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-mail-0:2.3.0-3.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-net-ldap-0:0.1.1-3.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
http://puppetlabs.com/security/cve/cve-2012-3864/
http://secunia.com/advisories/50014
http://www.debian.org/security/2012/dsa-2511
http://www.ubuntu.com/usn/USN-1506-1
https://bugzilla.redhat.com/show_bug.cgi?id=839130
https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4
https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87
https://nvd.nist.gov/vuln/detail/CVE-2012-3864
https://www.cve.org/CVERecord?id=CVE-2012-3864

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-10-08T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SU-2012:0983", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://puppetlabs.com/security/cve/cve-2012-3864/"}, {"name": "DSA-2511", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2511"}, {"name": "USN-1506-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1506-1"}, {"name": "50014", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50014"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4"}, {"name": "openSUSE-SU-2012:0891", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3864", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2012:0983", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"}, {"name": "http://puppetlabs.com/security/cve/cve-2012-3864/", "refsource": "CONFIRM", "url": "http://puppetlabs.com/security/cve/cve-2012-3864/"}, {"name": "DSA-2511", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2511"}, {"name": "USN-1506-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1506-1"}, {"name": "50014", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50014"}, {"name": "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4", "refsource": "CONFIRM", "url": "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4"}, {"name": "openSUSE-SU-2012:0891", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=839130", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130"}, {"name": "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87", "refsource": "CONFIRM", "url": "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:21:04.064Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2012:0983", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://puppetlabs.com/security/cve/cve-2012-3864/"}, {"name": "DSA-2511", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2511"}, {"name": "USN-1506-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1506-1"}, {"name": "50014", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50014"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4"}, {"name": "openSUSE-SU-2012:0891", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3864", "datePublished": "2012-08-06T16:00:00", "dateReserved": "2012-07-06T00:00:00", "dateUpdated": "2024-08-06T20:21:04.064Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2012-07-11T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2014-10-08T14:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : SUSE-SU-2012:0983 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://puppetlabs.com/security/cve/cve-2012-3864/ (string)

}

2 : { »

name : DSA-2511 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2012/dsa-2511 (string)

}

3 : { »

name : USN-1506-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-1506-1 (string)

}

4 : { »

name : 50014 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/50014 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4 (string)

}

6 : { »

name : openSUSE-SU-2012:0891 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=839130 (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2012-3864 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : SUSE-SU-2012:0983 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html (string)

}

1 : { »

name : http://puppetlabs.com/security/cve/cve-2012-3864/ (string)

refsource : CONFIRM (string)

url : http://puppetlabs.com/security/cve/cve-2012-3864/ (string)

}

2 : { »

name : DSA-2511 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2012/dsa-2511 (string)

}

3 : { »

name : USN-1506-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-1506-1 (string)

}

4 : { »

name : 50014 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/50014 (string)

}

5 : { »

name : https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4 (string)

refsource : CONFIRM (string)

url : https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4 (string)

}

6 : { »

name : openSUSE-SU-2012:0891 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html (string)

}

7 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=839130 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=839130 (string)

}

8 : { »

name : https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87 (string)

refsource : CONFIRM (string)

url : https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T20:21:04.064Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : SUSE-SU-2012:0983 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://puppetlabs.com/security/cve/cve-2012-3864/ (string)

}

2 : { »

name : DSA-2511 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2012/dsa-2511 (string)

}

3 : { »

name : USN-1506-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-1506-1 (string)

}

4 : { »

name : 50014 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/50014 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4 (string)

}

6 : { »

name : openSUSE-SU-2012:0891 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=839130 (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2012-3864 (string)

datePublished : 2012-08-06T16:00:00 (string)

dateReserved : 2012-07-06T00:00:00 (string)

dateUpdated : 2024-08-06T20:21:04.064Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BEF50EE-4E4B-4641-BA34-B5024F1EF683", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CC72248-FD33-4CA0-A16E-0A174A864257", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CEFB16E-261F-4B81-BCBE-536CAD2EC44B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "652D28FC-7133-4C5F-95D9-3468548465B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AEEEE59D-BC0E-4107-B55D-9B182825E557", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4ED400E-48F7-475B-A87C-A14EC63DD93D", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D827D4C2-7438-4EDD-9025-38D46CD5153C", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "E73C341A-6C07-4820-B1D3-4616B634F380", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "61381D4C-972F-4979-84D2-793E4C60E23E", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "7D8C2A71-0277-4426-8627-D6FD275EFC62", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "3FB3C44C-2C6C-496C-9D2E-C43FFB493C42", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "AD2656B0-9606-477B-BEB3-35746218BF9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "848F82FB-ACCE-42C0-A208-55522A030835", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "B0BBFAA7-BB3F-49D2-975B-01194C66D7C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "515BBBBF-7F42-490E-BF9D-B01AA3DD61C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "31C87FE4-D9E8-4619-9ADB-DFC2D3FE4FB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "BE56BA6B-BDC4-431E-81FD-D7ED5E8783E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDDDFB28-1971-4CCD-93D2-ABC08FE67F4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "508105B4-619A-4A9D-8B2F-FE5992C1006A", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "26DB96A5-A57D-452F-A452-98B11F51CAE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "D33AF704-FA05-4EA8-BE95-0177871A810F", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "390FC5AE-4939-468C-B323-6B4E267A0F4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "07DE4213-E233-402E-88C2-B7FF8D7B682C", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "4122D8E3-24AD-4A55-9F89-C3AAD50E638D", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "AF6D6B90-62BA-4944-A699-6D7C48AFD0A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "8EC6A7B3-5949-4439-994A-68DA65438F5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "5140C34D-589C-43DB-BCA7-8434EB173205", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "E561C081-6262-46D3-AB17-01EEA6D3E988", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "4703802D-0E3A-4760-B660-6AE0AF74DD40", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "BE3D39F6-F9C8-4E7F-981A-265B04E85579", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "FEBB3936-7A81-4BD9-80B2-3F614980BBCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE6F41EF-556F-42E0-B26C-B96CD9C77B2B", "versionEndIncluding": "2.6.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E5192CB-094F-469E-A644-2255C4F44804", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D17D2752-CB0D-4CC8-8604-FEBF8DEE16E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F66C1E54-FBEA-4008-BC88-A390D415F3F5", "versionEndIncluding": "2.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request."}, {"lang": "es", "value": "Puppet anterior a v2.6.17 y v2.7.x anterior a v2.7.18 y Puppet Enterprise anterior a v2.5.2,\r\npermite a usuarios remotos autenticados a leer ficheros de su elecci\u00f3n en el servidor maestro de Puppet aprovechando un certificado de usuario y una clave privada en una petici\u00f3n GET."}], "id": "CVE-2012-3864", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-06T16:55:06.040", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2012-3864/"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/50014"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2511"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1506-1"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2012-3864/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2511"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1506-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9BEF50EE-4E4B-4641-BA34-B5024F1EF683 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 1CC72248-FD33-4CA0-A16E-0A174A864257 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 7CEFB16E-261F-4B81-BCBE-536CAD2EC44B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 652D28FC-7133-4C5F-95D9-3468548465B5 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:* (string)

matchCriteriaId : AEEEE59D-BC0E-4107-B55D-9B182825E557 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:* (string)

matchCriteriaId : B4ED400E-48F7-475B-A87C-A14EC63DD93D (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:* (string)

matchCriteriaId : D827D4C2-7438-4EDD-9025-38D46CD5153C (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:* (string)

matchCriteriaId : E73C341A-6C07-4820-B1D3-4616B634F380 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 61381D4C-972F-4979-84D2-793E4C60E23E (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 7D8C2A71-0277-4426-8627-D6FD275EFC62 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 3FB3C44C-2C6C-496C-9D2E-C43FFB493C42 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:* (string)

matchCriteriaId : AD2656B0-9606-477B-BEB3-35746218BF9C (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:* (string)

matchCriteriaId : 848F82FB-ACCE-42C0-A208-55522A030835 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:* (string)

matchCriteriaId : B0BBFAA7-BB3F-49D2-975B-01194C66D7C2 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:* (string)

matchCriteriaId : 515BBBBF-7F42-490E-BF9D-B01AA3DD61C7 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:* (string)

matchCriteriaId : 31C87FE4-D9E8-4619-9ADB-DFC2D3FE4FB6 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:* (string)

matchCriteriaId : BE56BA6B-BDC4-431E-81FD-D7ED5E8783E9 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : FDDDFB28-1971-4CCD-93D2-ABC08FE67F4A (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 508105B4-619A-4A9D-8B2F-FE5992C1006A (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 26DB96A5-A57D-452F-A452-98B11F51CAE6 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:* (string)

matchCriteriaId : D33AF704-FA05-4EA8-BE95-0177871A810F (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 390FC5AE-4939-468C-B323-6B4E267A0F4C (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 07DE4213-E233-402E-88C2-B7FF8D7B682C (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 4122D8E3-24AD-4A55-9F89-C3AAD50E638D (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:* (string)

matchCriteriaId : AF6D6B90-62BA-4944-A699-6D7C48AFD0A1 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:* (string)

matchCriteriaId : 8EC6A7B3-5949-4439-994A-68DA65438F5D (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:* (string)

matchCriteriaId : 5140C34D-589C-43DB-BCA7-8434EB173205 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:* (string)

matchCriteriaId : E561C081-6262-46D3-AB17-01EEA6D3E988 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:* (string)

matchCriteriaId : 4703802D-0E3A-4760-B660-6AE0AF74DD40 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:* (string)

matchCriteriaId : BE3D39F6-F9C8-4E7F-981A-265B04E85579 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:* (string)

matchCriteriaId : FEBB3936-7A81-4BD9-80B2-3F614980BBCE (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BE6F41EF-556F-42E0-B26C-B96CD9C77B2B (string)

versionEndIncluding : 2.6.16 (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1E5192CB-094F-469E-A644-2255C4F44804 (string)

vulnerable : true (boolean)

}

33 : { »

criteria : cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D17D2752-CB0D-4CC8-8604-FEBF8DEE16E0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F66C1E54-FBEA-4008-BC88-A390D415F3F5 (string)

versionEndIncluding : 2.5.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. (string)

}

1 : { »

lang : es (string)

value : Puppet anterior a v2.6.17 y v2.7.x anterior a v2.7.18 y Puppet Enterprise anterior a v2.5.2, permite a usuarios remotos autenticados a leer ficheros de su elección en el servidor maestro de Puppet aprovechando un certificado de usuario y una clave privada en una petición GET. (string)

}

]

id : CVE-2012-3864 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2012-08-06T16:55:06.040 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://puppetlabs.com/security/cve/cve-2012-3864/ (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/50014 (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://www.debian.org/security/2012/dsa-2511 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://www.ubuntu.com/usn/USN-1506-1 (string)

}

6 : { »

source : cve@mitre.org (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=839130 (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://puppetlabs.com/security/cve/cve-2012-3864/ (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/50014 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2012/dsa-2511 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-1506-1 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=839130 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Puppet Labs for reporting this issue.", "affected_release": [{"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "converge-ui-devel-0:1.0.4-1.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "puppet-0:2.6.17-2.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "rubygem-actionpack-1:3.0.10-10.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "rubygem-activerecord-1:3.0.10-6.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "rubygem-activesupport-1:3.0.10-4.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "rubygem-chunky_png-0:1.2.0-3.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "rubygem-compass-0:0.11.5-2.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "rubygem-compass-960-plugin-0:0.10.4-2.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "rubygem-delayed_job-0:2.1.4-2.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "rubygem-ldap_fluff-0:0.1.3-1.el6_3", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "rubygem-mail-0:2.3.0-3.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}, {"advisory": "RHSA-2012:1542", "cpe": "cpe:/a:cloudforms_cloudengine:1::el6", "package": "rubygem-net-ldap-0:0.1.1-3.el6cf", "product_name": "CloudForms for RHEL 6", "release_date": "2012-12-04T00:00:00Z"}], "bugzilla": {"description": "puppet: authenticated clients allowed to read arbitrary files from the puppet master", "id": "839130", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "status": "verified"}, "details": ["Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request."], "name": "CVE-2012-3864", "package_state": [{"cpe": "cpe:/a:cloudforms_tools:1", "fix_state": "Affected", "package_name": "puppet", "product_name": "Red Hat CloudForms Tools 1"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Will not fix", "package_name": "puppet", "product_name": "Red Hat Enterprise MRG 1"}], "public_date": "2012-07-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-3864\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3864\nhttp://puppetlabs.com/security/cve/cve-2012-3864/"], "threat_severity": "Low"}

{

acknowledgement : Red Hat would like to thank Puppet Labs for reporting this issue. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : converge-ui-devel-0:1.0.4-1.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : puppet-0:2.6.17-2.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : rubygem-actionpack-1:3.0.10-10.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : rubygem-activerecord-1:3.0.10-6.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : rubygem-activesupport-1:3.0.10-4.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : rubygem-chunky_png-0:1.2.0-3.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : rubygem-compass-0:0.11.5-2.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : rubygem-compass-960-plugin-0:0.10.4-2.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : rubygem-delayed_job-0:2.1.4-2.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : rubygem-ldap_fluff-0:0.1.3-1.el6_3 (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : rubygem-mail-0:2.3.0-3.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2012:1542 (string)

cpe : cpe:/a:cloudforms_cloudengine:1::el6 (string)

package : rubygem-net-ldap-0:0.1.1-3.el6cf (string)

product_name : CloudForms for RHEL 6 (string)

release_date : 2012-12-04T00:00:00Z (string)

}

]

bugzilla : { »

description : puppet: authenticated clients allowed to read arbitrary files from the puppet master (string)

id : 839130 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=839130 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 2.1 (string)

cvss_scoring_vector : AV:N/AC:H/Au:S/C:P/I:N/A:N (string)

status : verified (string)

}

details : [ »

0 : Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. (string)

]

name : CVE-2012-3864 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:cloudforms_tools:1 (string)

fix_state : Affected (string)

package_name : puppet (string)

product_name : Red Hat CloudForms Tools 1 (string)

}

1 : { »

cpe : cpe:/a:redhat:enterprise_mrg:1 (string)

fix_state : Will not fix (string)

package_name : puppet (string)

product_name : Red Hat Enterprise MRG 1 (string)

}

]

public_date : 2012-07-10T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2012-3864 https://nvd.nist.gov/vuln/detail/CVE-2012-3864 http://puppetlabs.com/security/cve/cve-2012-3864/ (string)

]

threat_severity : Low (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object