CVE-2012-3865

NONECVSS 0.0

0.0

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

🔗 References (18)

cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
cve@mitrehttp://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
cve@mitrehttp://puppetlabs.com/security/cve/cve-2012-3865/
cve@mitrehttp://secunia.com/advisories/50014
cve@mitrehttp://www.debian.org/security/2012/dsa-2511
cve@mitrehttp://www.ubuntu.com/usn/USN-1506-1
cve@mitrehttps://bugzilla.redhat.com/show_bug.cgi?id=839131
cve@mitrehttps://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
cve@mitrehttps://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
af854a3a-2127-422b-91ae-364da2661108http://puppetlabs.com/security/cve/cve-2012-3865/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50014
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2511
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1506-1

Is Your Infrastructure Affected by CVE-2012-3865?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-3865

📅 Published

🔄 Last Modified

🔗 References (18)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-3865?