CVE-2012-3865

N/A Unknown
Published: August 06, 2012 Modified: April 29, 2026
View on NVD

Description

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
Source: cve@mitre.org
http://puppetlabs.com/security/cve/cve-2012-3865/
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/50014
Source: cve@mitre.org
http://www.debian.org/security/2012/dsa-2511
Source: cve@mitre.org
http://www.ubuntu.com/usn/USN-1506-1
Source: cve@mitre.org
https://bugzilla.redhat.com/show_bug.cgi?id=839131
Source: cve@mitre.org
https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
Source: cve@mitre.org
Exploit Patch
https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
Source: cve@mitre.org
Exploit Patch
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://puppetlabs.com/security/cve/cve-2012-3865/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/50014
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2012/dsa-2511
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1506-1
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=839131
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch
https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch

18 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.9%
77th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

puppet puppetlabs

Related CVEs

CVE-2026-57346 7.1
CVE-2026-25707 8.8
CVE-2026-13601 7.1
CVE-2026-13557 4.3
CVE-2026-13556 4.3