Scaner-VS
CVE-2012-3865
DEB
Low

CVSS: 2.1 (Low)
EPSS: 0.02 · p76
Published: 2012-01-01
Updated: 2012-01-01
Description

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

Tags · CWE: CWE-22, CAPEC-64, CAPEC-76, CAPEC-78, CAPEC-79, CAPEC-126
Affected products
Puppet / Puppet ≤ 2.7.17
CVSS vector
AV:N/AC:H/Au:S/C:N/I:N/A:P
Timeline
2012-01-01: Published
2012-01-01: Updated
CVSS 3.1 breakdown
Attack Vector: AV:N, Network (N)
Attack Complexity: AC:H, High (H)
Authentication: Au:S, Single
Confidentiality Impact: C:N, None (N)
Integrity Impact: I:N, None (N)
Availability Impact: A:P, Partial
Exploit indicators
EPSS: 0.019 · p76
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
| Product | Vendor | Status |
|---|---|---|
| converge-ui-devel | | Tracked |
| puppet | | Tracked |
| puppet | | Tracked |
| puppet | | Tracked |
| rubygem-actionpack | | Tracked |
| rubygem-activerecord | | Tracked |
| rubygem-activesupport | | Tracked |
| rubygem-chunky_png | | Tracked |
| rubygem-compass | | Tracked |
| rubygem-compass-960-plugin | | Tracked |
| rubygem-delayed_job | | Tracked |
| rubygem-ldap_fluff | | Tracked |
| rubygem-mail | | Tracked |
| rubygem-net-ldap | | Tracked |
| puppet* | | Tracked |
| puppet* | | Tracked |
| puppet_enterprise* | | Tracked |
Source databases
DEB, CVE, RED, UBU