Bug #13511
Filebuckets expose files on puppet master
| Status: | Closed | Start date: | 03/29/2012 | |
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: |  Andrew Parker | % Done: | 0% | |
| Category: | security | |||
| Target version: | 2.7.13 | |||
| Affected Puppet version: | Branch: | |||
| Keywords: | ||||
Description
It is possible to construct a REST request to fetch a file from a filebucket that overrides the puppet master’s defined location for the files to be stored. If a user has access to construct directories and symlinks on the machine they can read any file that the user the puppet master is running as has access to.
The user needs to be able to issue a rest request and so will probably also need access to SSL keys from an agent.
History
#1
Updated by Andrew Parker about 1 year ago
- Assignee set to Andrew Parker
#2
Updated by Andrew Parker about 1 year ago
- Status changed from Accepted to In Topic Branch Pending Review
Fixes in branches:
- https://github.com/puppetlabs/puppet-cve-test/tree/security/2.6.14/filebucket-bucket-path-security
- https://github.com/puppetlabs/puppet-cve-test/tree/security/2.6.14/filebucket-bucket-path-security
#3
Updated by Matthaus Owens about 1 year ago
- Status changed from In Topic Branch Pending Review to Merged - Pending Release
- Target version set to 2.7.13
#4
Updated by Matthaus Owens about 1 year ago
- Status changed from Merged - Pending Release to Closed
Released in 2.7.13 and 2.6.15
#5
Updated by Matthaus Owens about 1 year ago
- Description updated (diff)
#6
Updated by Matthaus Owens about 1 year ago
- Private changed from Yes to No