Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
puppet puppet 2.6.15 |
||
puppetlabs puppet |
||
puppet puppet 2.6.11 |
||
puppet puppet 2.6.4 |
||
puppet puppet 2.6.5 |
||
puppetlabs puppet 2.7.0 |
||
puppet puppet 2.6.0 |
||
puppet puppet 2.6.14 |
||
puppet puppet 2.6.3 |
||
puppet puppet 2.6.2 |
||
puppetlabs puppet 2.7.1 |
||
puppet puppet 2.7.2 |
||
puppet puppet 2.7.10 |
||
puppet puppet 2.7.11 |
||
puppet puppet 2.7.8 |
||
puppet puppet 2.7.9 |
||
puppet puppet 2.7.17 |
||
puppet puppet 2.6.9 |
||
puppet puppet 2.6.10 |
||
puppet puppet 2.6.7 |
||
puppet puppet 2.6.6 |
||
puppet puppet 2.7.6 |
||
puppet puppet 2.7.7 |
||
puppet puppet 2.7.14 |
||
puppet puppet 2.7.16 |
||
puppet puppet 2.6.12 |
||
puppet puppet 2.6.13 |
||
puppet puppet 2.6.1 |
||
puppet puppet 2.6.8 |
||
puppet puppet 2.7.3 |
||
puppet puppet 2.7.4 |
||
puppet puppet 2.7.5 |
||
puppet puppet 2.7.12 |
||
puppet puppet 2.7.13 |
||
puppet puppet enterprise |
Vulmon