Red Hat Bugzilla – Bug 839135
CVE-2012-3866 puppet: information leak via world readable last_run_report.yaml
Last modified: 2015-07-27 09:25:47 EDT
From Puppet Labs: CVE-2012-3866 (last_run_report.yaml is world readable)
A bug in Puppet 2.7.17 leaves last_run_report.yaml world readable.
The most recent Puppet run report is stored on the Puppet master with
world-readable permissions. The report file contains the context diffs of any
changes to configuration on an agent, which may contain sensitive information
that an attacker can then access. The last run report is overwritten with
every Puppet run.
Note: This only affects the 2.7 series of Puppet.
Resolved in Puppet 2.7.18
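A permission audit for the condition described above, as an added example that is not part of the original report and is not Puppet or Red Hat code. The report path is passed in by the operator because this page does not state it, and the function names are illustrative. Beyond what the advisory says, it also checks whether the parent directories let other local users reach the file at all.

```shell
#!/bin/sh
# Added example: audit a Puppet last run report for the exposure in CVE-2012-3866.
# The report path is supplied by the caller; function names are illustrative.

# True when the "other" read bit is set on the path (mode test, not an access test).
other_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# True when every directory from the file's parent up to / has the "other"
# search (execute) bit, i.e. an unrelated local user can reach the file.
other_can_reach() {
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    while :; do
        [ -n "$(find "$dir" -prune -perm -001 2>/dev/null)" ] || return 1
        [ "$dir" = "/" ] && return 0
        dir=$(dirname "$dir")
    done
}

# Return codes: 0 = not world readable, 1 = exposed to local users,
# 2 = file not found, 3 = world-readable mode but a parent directory blocks access.
audit_report() {
    if [ ! -f "$1" ]; then
        echo "MISSING  $1"; return 2
    fi
    if ! other_readable "$1"; then
        echo "OK       $1"; return 0
    fi
    if other_can_reach "$1"; then
        echo "EXPOSED  $1 (readable by any local user)"; return 1
    fi
    echo "WEAK     $1 (world-readable mode, parent directory not searchable)"; return 3
}

# Usage: sh audit_report.sh /path/to/last_run_report.yaml
[ $# -eq 0 ] || audit_report "$1"
```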
Created puppet tracking bugs for this issue
Affects: fedora-17 [bug 839168]
puppet-2.7.18-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.