Issue #13511 has been updated by Matthaus Litteken. Private changed from Yes to No
---------------------------------------- Bug #13511: Filebuckets expose files on puppet master https://projects.puppetlabs.com/issues/13511#change-60331 Author: Andrew Parker Status: Closed Priority: High Assignee: Andrew Parker Category: security Target version: 2.7.13 Affected Puppet version: Keywords: Branch: It is possible to construct a REST request to fetch a file from a filebucket that overrides the puppet master’s defined location for the files to be stored. If a user has access to construct directories and symlinks on the machine they can read any file that the user the puppet master is running as has access to. The user needs to be able to issue a rest request and so will probably also need access to SSL keys from an agent. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
