VDB

DEBIAN-CVE-2012-3864

DEBIAN-CVE-2012-3864 PUBLISHED CVSS 6.900000095367432 MEDIUM

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

Risk Scores

CVSS v4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Debian:11puppet0, 0, 0

Timeline

  • Aug 6, 2012 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›