VYPR
Unrated severityNVD Advisory· Published Oct 27, 2011· Updated Jun 16, 2026

CVE-2011-3872

CVE-2011-3872

Description

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

26
  • cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
    • (no CPE)range: >= 2.6.0, < 2.6.12 | >= 2.7.0, < 2.7.6
  • cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*
    • (no CPE)range: <= 1.2.3

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.