Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-3865

Опубликовано: 10 июл. 2012
Источник: redhat
CVSS2: 2.1

Описание

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat CloudForms Tools 1puppetAffected
Red Hat Enterprise MRG 1puppetWill not fix
CloudForms for RHEL 6converge-ui-develFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6puppetFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-actionpackFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-activerecordFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-activesupportFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-chunky_pngFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-compassFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-compass-960-pluginFixedRHSA-2012:154204.12.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=839131puppet: authenticated clients allowed to delete arbitrary files on the puppet master

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-3865

ubuntu
больше 13 лет назад

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

nvd логотип

CVE-2012-3865

nvd
больше 13 лет назад

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

debian логотип

CVE-2012-3865

debian
больше 13 лет назад

Directory traversal vulnerability in lib/puppet/reports/store.rb in Pu ...

github логотип

GHSA-g89m-3wjw-h857

github
больше 8 лет назад

Puppet vulnerable to Path Traversal

2.1 Low

CVSS2