The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #13511

Filebuckets expose files on puppet master

Added by Anonymous over 2 years ago. Updated over 2 years ago.

Status: Closed
Start date: 03/29/2012
Priority: High
Due date:
Assignee: -
% Done: 0%
Category: security
Target version: 2.7.13
Affected Puppet version:
Branch:
Keywords:


Description

It is possible to construct a REST request to fetch a file from a filebucket that overrides the puppet master’s defined location for the files to be stored. If a user has access to construct directories and symlinks on the machine they can read any file that the user the puppet master is running as has access to.

The user needs to be able to issue a REST request and so will probably also need access to SSL keys from an agent.
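
The following is an added illustration of the bug class described above, not code from Puppet or from the fix branches linked below. It models a filebucket "find" in a small Ruby module (the names DemoBucket, find_vulnerable and find_hardened, and the on-disk layout of `<bucketdir>/<first 8 hex chars as nested dirs>/<md5>/contents`, are assumptions for the example). The vulnerable variant accepts a bucket path from the request and follows wherever the resulting path points; the hardened variant uses only the server's configured directory, rejects malformed checksums, and refuses any entry whose canonical path (after symlink resolution) leaves the canonical bucket directory. The scenario it builds in a temp directory is constructed for the demonstration.

```ruby
require 'tmpdir'
require 'fileutils'

# Added example, not Puppet's code. Toy filebucket lookup showing the two
# mistakes behind this bug and a hardened replacement. Names and the layout
# <bucketdir>/<first 8 hex chars as nested dirs>/<md5>/contents are assumed.
module DemoBucket
  CHECKSUM_RE = /\A[0-9a-f]{32}\z/.freeze

  # Where a bucket entry lives below +bucketdir+; performs no validation.
  def self.entry_path(bucketdir, md5)
    File.join(bucketdir, *md5[0, 8].chars, md5, 'contents')
  end

  # VULNERABLE: lets the REST request override the master's bucket directory
  # and reads whatever the resulting path (or symlink) points at.
  def self.find_vulnerable(configured_dir, md5, request_options = {})
    dir  = request_options[:bucket_path] || configured_dir
    path = entry_path(dir, md5)
    File.exist?(path) ? File.read(path) : nil
  end

  # HARDENED: the bucket directory comes only from server config, the checksum
  # must be well-formed (so it cannot carry path separators), and the canonical
  # path after symlink resolution must still lie inside the canonical bucket.
  def self.find_hardened(configured_dir, md5, _request_options = {})
    raise ArgumentError, "malformed checksum #{md5.inspect}" unless CHECKSUM_RE.match?(md5)
    root = File.realpath(configured_dir)
    path = entry_path(root, md5)
    return nil unless File.exist?(path)
    real = File.realpath(path)
    unless real.start_with?(root + File::SEPARATOR)
      raise SecurityError, "#{path} resolves outside the bucket (#{real})"
    end
    File.read(real)
  end

  # Builds a constructed scenario in a temp dir and exercises both lookups.
  def self.demonstrate
    Dir.mktmpdir('bucketdemo') do |tmp|
      bucket   = File.join(tmp, 'bucket')     # the master's configured bucketdir
      attacker = File.join(tmp, 'attacker')   # a directory the attacker can write
      secret   = File.join(tmp, 'secret.txt') # a file only the master can read
      File.write(secret, "top secret\n")

      legit        = 'd41d8cd98f00b204e9800998ecf8427e' # real bucket entry
      evil_outside = '098f6bcd4621d373cade4e832627b4f6' # exists only under attacker/
      evil_inside  = '5d41402abc4b2a76b9719d911017c592' # symlink planted in bucket/

      p = entry_path(bucket, legit)
      FileUtils.mkdir_p(File.dirname(p)); File.write(p, "legit\n")
      p = entry_path(attacker, evil_outside)
      FileUtils.mkdir_p(File.dirname(p)); File.symlink(secret, p)
      p = entry_path(bucket, evil_inside)
      FileUtils.mkdir_p(File.dirname(p)); File.symlink(secret, p)

      escape = begin
        find_hardened(bucket, evil_inside)
      rescue SecurityError
        :refused
      end
      malformed = begin
        find_hardened(bucket, '../../secret.txt')
      rescue ArgumentError
        :rejected
      end

      {
        vulnerable_leak:         find_vulnerable(bucket, evil_outside, bucket_path: attacker),
        hardened_other_dir:      find_hardened(bucket, evil_outside, bucket_path: attacker),
        hardened_legit:          find_hardened(bucket, legit),
        hardened_symlink_escape: escape,
        hardened_malformed:      malformed
      }
    end
  end
end

puts DemoBucket.demonstrate.inspect if $PROGRAM_NAME == __FILE__
```

Run with `ruby bucket_demo.rb`: the vulnerable lookup returns the secret's contents when the request points it at the attacker's directory, while the hardened lookup ignores the request-supplied directory, returns nil for an entry that only exists elsewhere, and refuses the symlink planted inside the bucket because its real path is outside the bucket root. The realpath comparison is the part that matters for the symlink half of this report; rejecting the bucket_path override alone would still be bypassable by a symlink the attacker can place under the real bucket directory.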

History

#1 Updated by Anonymous over 2 years ago

  • Assignee set to Anonymous

#2 Updated by Anonymous over 2 years ago

  • Status changed from Accepted to In Topic Branch Pending Review

Fixes in branches:

  • https://github.com/puppetlabs/puppet-cve-test/tree/security/2.6.14/filebucket-bucket-path-security

#3 Updated by Matthaus Owens over 2 years ago

  • Status changed from In Topic Branch Pending Review to Merged - Pending Release
  • Target version set to 2.7.13

#4 Updated by Matthaus Owens over 2 years ago

  • Status changed from Merged - Pending Release to Closed

Released in 2.7.13 and 2.6.15

#5 Updated by Matthaus Owens over 2 years ago

  • Description updated (diff)

#6 Updated by Matthaus Owens over 2 years ago

  • Private changed from Yes to No
