CVE-2012-3408

N/A Unknown
Published: August 06, 2012 Modified: April 29, 2026
View on NVD

Description

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://puppetlabs.com/security/cve/cve-2012-3408/
Source: secalert@redhat.com
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=839166
Source: secalert@redhat.com
Third Party Advisory
https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd
Source: secalert@redhat.com
Exploit Patch Third Party Advisory
http://puppetlabs.com/security/cve/cve-2012-3408/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=839166
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch Third Party Advisory

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.6%
73th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-287

Affected Vendors

puppet puppetlabs

Related CVEs

CVE-2026-57346 7.1
CVE-2026-25707 8.8
CVE-2026-13601 7.1
CVE-2026-13557 4.3
CVE-2026-13556 4.3