Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-3865

Опубликовано: 06 авг. 2012
Источник: nvd
CVSS2: 3.5
EPSS Низкий

Описание

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*
Версия до 2.7.17 (включая)
cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*
Версия до 2.6.16 (включая)
Конфигурация 3
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
Версия до 2.5.1 (включая)

EPSS

Процентиль: 84%
0.0215
Низкий

3.5 Low

CVSS2

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2012-3865

ubuntu
больше 13 лет назад

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

redhat логотип

CVE-2012-3865

redhat
больше 13 лет назад

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

debian логотип

CVE-2012-3865

debian
больше 13 лет назад

Directory traversal vulnerability in lib/puppet/reports/store.rb in Pu ...

github логотип

GHSA-g89m-3wjw-h857

github
больше 8 лет назад

Puppet vulnerable to Path Traversal

EPSS

Процентиль: 84%
0.0215
Низкий

3.5 Low

CVSS2

Дефекты

CWE-22