CVE-2012-3865

Published: Aug 6, 2012Modified: Apr 29, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

Affected (34)

Products: Puppet: Puppet, Puppet Enterprise · Puppetlabs: Puppet

2 products

Puppet Enterprise

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet	Version 2.7.10
Puppet Puppet	Version 2.7.11
Puppet Puppet	Version 2.7.12
Puppet Puppet	Version 2.7.13
Puppet Puppet	Version 2.7.14
Puppet Puppet	Version 2.7.16
Puppet Puppet	Version 2.7.2
Puppet Puppet	Version 2.7.3
Puppet Puppet	Version 2.7.4
Puppet Puppet	Version 2.7.5
Puppet Puppet	Version 2.7.6
Puppet Puppet	Version 2.7.8
Puppet Puppet	Version 2.7.9
Puppetlabs Puppet	Up to 2.7.17
Puppetlabs Puppet	Version 2.7.0
Puppetlabs Puppet	Version 2.7.1

Configuration B

17 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet	Version 2.6.0
Puppet Puppet	Version 2.6.10
Puppet Puppet	Version 2.6.11
Puppet Puppet	Version 2.6.12
Puppet Puppet	Version 2.6.13
Puppet Puppet	Version 2.6.14
Puppet Puppet	Version 2.6.15
Puppet Puppet	Version 2.6.1
Puppet Puppet	Version 2.6.2
Puppet Puppet	Version 2.6.3
Puppet Puppet	Version 2.6.4
Puppet Puppet	Version 2.6.5
Puppet Puppet	Version 2.6.6
Puppet Puppet	Version 2.6.7
Puppet Puppet	Version 2.6.8
Puppet Puppet	Version 2.6.9
Puppetlabs Puppet	Up to 2.6.16

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet Enterprise	Up to 2.5.1

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html

Source: cve@mitre.org

http://puppetlabs.com/security/cve/cve-2012-3865/

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/50014

Source: cve@mitre.org

http://www.debian.org/security/2012/dsa-2511

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-1506-1

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=839131

Source: cve@mitre.org

https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f

Source: cve@mitre.org

ExploitPatch

https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6

Source: cve@mitre.org

ExploitPatch

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://puppetlabs.com/security/cve/cve-2012-3865/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/50014

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2012/dsa-2511

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1506-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=839131

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.