CVE-2012-3866 (last_run_report.yaml is world readable)
CVSS 3 Base Score:
Posted On:
Assessed Risk Level:
None
A bug in Puppet leaves last_run_report.yaml world readable.
The most recent Puppet run report is stored on the Puppet master with world-readable permissions. The report file contains the context diffs of any changes to configuration on an agent, which may contain sensitive information that an attacker can then access. The last run report is overwritten with every Puppet run.
Note: This only affects the 2.7 series of Puppet.