Issue #19391 has been updated by Matthaus Owens. Private changed from Yes to No
---------------------------------------- Bug #19391: Unsafe handling of query parameters https://projects.puppetlabs.com/issues/19391#change-86948 Author: Josh Cooper Status: Closed Priority: Normal Assignee: Patrick Carlisle Category: Target version: 3.1.1 Affected Puppet version: 0.25.0 Keywords: Branch: A bug in Puppet allows an authenticated client to retrieve catalogs from the puppet master that it is not authorized to access. Given a valid certificate and private key, it is possible to construct an HTTP GET request that will return a catalog for an arbitrary client. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
