CVE-2012-3865
Puppet < 2.6.17 and 2.7.x < 2.7.18 - Authenticated Arbitrary File Deletion via Node Name Path Traversal
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
References (9)
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
Exploit, Patch (x_refsource_confirm): https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2012/dsa-2511
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-1506-1
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/50014
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
Exploit, Patch (x_refsource_confirm): https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=839131
Vendor Advisory (x_refsource_confirm): http://puppetlabs.com/security/cve/cve-2012-3865/
Scores
EPSS: 0.0118
EPSS Percentile: 79.0%
Details
CWE: CWE-22
Status: published
Products (34)
puppet/puppet 2.7.2
puppet/puppet 2.7.3
puppet/puppet 2.7.4
puppet/puppet 2.7.5
puppet/puppet 2.7.6
puppet/puppet 2.7.8
puppet/puppet 2.7.9
puppet/puppet 2.7.10
puppet/puppet 2.7.11
puppet/puppet 2.7.12
... and 24 more
Published: Aug 06, 2012
Tracked Since: Feb 18, 2026