CVE-2012-3408 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-3408 Interim 1 4 2023-07-02T01:29:33Z current 2021-05-30T13:04:55Z 2023-07-02T01:29:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-3408 lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. CVE-2012-3408 low 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N