VYPR
Low severityNVD Advisory· Published Aug 6, 2012· Updated Jun 16, 2026

CVE-2012-3865

CVE-2012-3865

Description

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
puppetRubyGems
< 2.6.172.6.17
puppetRubyGems
>= 2.7.0, < 2.7.182.7.18

Affected products

34
  • cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*+ 31 more
    • cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*range: <=2.7.17
    • cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
    Range: <=2.5.1
  • ghsa-coords
    Range: < 2.6.17

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.