CVE-2012-3865.yml
---
gem: puppet
cve: 2012-3865
ghsa: g89m-3wjw-h857
url: https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
title: Arbitrary file delete/D.O.S on Puppet Master
date: 2017-10-24
description: |
  Directory traversal vulnerability in lib/puppet/reports/store.rb
  in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet
  Enterprise before 2.5.2, when Delete is enabled in auth.conf,
  allows remote authenticated users to delete arbitrary files on
  the puppet master server via a .. (dot dot) in a node name.
cvss_v2: 3.5
patched_versions:
  - "~> 2.6.17"
  - ">= 2.7.18"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2012-3865
    - https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
    - https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
    - https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
    - https://github.com/advisories/GHSA-g89m-3wjw-h857
    - https://bugzilla.redhat.com/show_bug.cgi?id=839131
    - http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
    - http://www.debian.org/security/2012/dsa-2511
    - http://www.ubuntu.com/usn/USN-1506-1