CVE-2012-1986 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-1986 Interim 1 13 2023-12-08T02:52:54Z current 2021-05-30T13:03:17Z 2023-12-08T02:52:54Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-1986 Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2012-June/000153.html E-Mail link for SUSE-SU-2012:0771-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1-TERADATA puppet-2.6.12-0.14.1 puppet-server-2.6.12-0.14.1 pwdutils-3.2.8-0.2.35 puppet-2.6.12-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA puppet-server-2.6.12-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA pwdutils-3.2.8-0.2.35 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket. CVE-2012-1986 SUSE Linux Enterprise Server 11 SP1-TERADATA:puppet-2.6.12-0.14.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:puppet-server-2.6.12-0.14.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:pwdutils-3.2.8-0.2.35 moderate 2.1 AV:N/AC:H/Au:S/C:P/I:N/A:N