Lucene search

K

PRIOn knowledge basePRION:CVE-2012-3865

HistoryAug 06, 2012 - 4:55 p.m.

Directory traversal

2012-08-0616:55:00

PRIOn knowledge base

www.prio-n.com

5

6.6 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.6%

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a … (dot dot) in a node name.

CPENameOperatorVersion
puppeteq2.7.2
puppeteq2.7.3
puppeteq2.7.4
puppeteq2.7.5
puppeteq2.7.6
puppeteq2.7.8
puppeteq2.7.9
puppeteq2.7.10
puppeteq2.7.11
puppeteq2.7.12

Rows per page:

1-10 of 341

References

lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html

lists.opensuse.org/opensuse-updates/2012-07/msg00036.html

puppetlabs.com/security/cve/cve-2012-3865/

secunia.com/advisories/50014

www.debian.org/security/2012/dsa-2511

www.ubuntu.com/usn/USN-1506-1

bugzilla.redhat.com/show_bug.cgi?id=839131

github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f

github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6

6.6 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.6%

Related for PRION:CVE-2012-3865

osv2 cve1 debiancve1 ubuntucve1 github1 nessus9 openvas14 suse1 freebsd2 debian1 amazon1 securityvulns2 ubuntu1 fedora3