CVE-2012-3865
Puppet vulnerable to Path Traversal
EPSS 1.2%
Description
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
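The bug class described above, as an added Ruby example (not the code from lib/puppet/reports/store.rb): a client-supplied node name joined into a report directory path, next to a hardened version that validates the name and checks containment before deleting. All function names, the allow-list pattern and the directory layout are assumptions made for illustration.

```ruby
# Added illustration; not Puppet's code. Names below are hypothetical.
class UnsafeNodeName < StandardError; end

# Allow-list: dot-separated hostname labels, each starting and ending with an
# alphanumeric, so "..", "/", NUL and trailing newlines can never match.
LABEL = /[a-z0-9](?:[a-z0-9_-]*[a-z0-9])?/i
NODE_NAME = /\A#{LABEL}(?:\.#{LABEL})*\z/

# The flawed pattern: the client-supplied name goes straight into the path.
def naive_report_dir(report_root, node_name)
  File.expand_path(File.join(report_root, node_name))
end

# Hardened: validate the name, then confirm the result is still under the root.
def safe_report_dir(report_root, node_name)
  unless node_name.is_a?(String) && node_name.match?(NODE_NAME)
    raise UnsafeNodeName, "rejected node name #{node_name.inspect}"
  end
  root = File.expand_path(report_root)
  dir  = File.expand_path(File.join(root, node_name))
  raise UnsafeNodeName, "path escapes report root" unless dir.start_with?(root + File::SEPARATOR)
  dir
end

# Delete one node's stored reports; returns the number of files removed.
# Symlinked directories and files are skipped rather than followed.
def destroy_reports(report_root, node_name)
  dir = safe_report_dir(report_root, node_name)
  return 0 unless File.directory?(dir) && !File.symlink?(dir)
  files = Dir.children(dir).map { |f| File.join(dir, f) }
             .select { |f| File.file?(f) && !File.symlink?(f) }
  File.unlink(*files)
  Dir.rmdir(dir) if Dir.empty?(dir)
  files.size
end
```

The allow-list rejects the name before any path is built, and the containment check is a second guard in case the pattern is later loosened.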
How to fix CVE-2012-3865
To remediate CVE-2012-3865, upgrade the affected package to a fixed version below.
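- Debian/puppet: upgrade to 2.7.18-1 or later
- RubyGems/puppet: upgrade to 2.6.17 or later (per the description above, the 2.7.x series is only fixed from 2.7.18, so 2.7.x installs need 2.7.18 or later)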
Is CVE-2012-3865 being exploited?
Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/puppet: from 0, < 2.7.18-1
- RubyGems/puppet: from 0, < 2.6.17