logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2011-3848

Description

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.


Affected Software


CPE Name Name Version
puppet:puppet puppet 2.6.2
puppet:puppet puppet 2.6.3
puppetlabs:puppet puppetlabs puppet 2.7.0
puppetlabs:puppet puppetlabs puppet 2.7.1
puppet:puppet puppet 2.6.0
puppet:puppet puppet 2.6.1
puppet:puppet puppet 2.6.8
puppet:puppet puppet 2.6.9
puppet:puppet puppet 2.6.6
puppet:puppet puppet 2.6.7
puppet:puppet puppet 2.6.4
puppet:puppet puppet 2.6.5
puppet:puppet puppet 2.7.2
puppet:puppet puppet 2.7.3

Related