Moderate severityNVD Advisory· Published Aug 6, 2012· Updated Apr 29, 2026
CVE-2012-3867
CVE-2012-3867
Description
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
puppetRubyGems | < 2.6.17 | 2.6.17 |
puppetRubyGems | >= 2.7.0, < 2.7.18 | 2.7.18 |
Affected products
47cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*range: <=2.6.16
- cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*+ 30 more
- cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:*
Patches
2f3419620b420dfedaa5fa841Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
14- github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640nvdExploitIssue TrackingPatchWEB
- github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50nvdExploitIssue TrackingPatchWEB
- lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.htmlnvdThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-updates/2012-07/msg00036.htmlnvdThird Party AdvisoryWEB
- puppetlabs.com/security/cve/cve-2012-3867/nvdVendor Advisory
- www.debian.org/security/2012/dsa-2511nvdThird Party AdvisoryWEB
- www.ubuntu.com/usn/USN-1506-1nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-q44r-f2hm-v76vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-3867ghsaADVISORY
- puppetlabs.com/security/cve/cve-2012-3867ghsaWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.ymlghsaWEB
- www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validationghsaWEB
- secunia.com/advisories/50014nvd
News mentions
0No linked articles in our index yet.