CVE-2011-3848 — Path Traversal in Puppet

CWE-22 — Path Traversal10 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 37.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Puppetlabs Puppet

Timeline

PublishedOct 27

Latest updateMay 14

Description

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianpuppet/puppet< 2.7.3-2

▶NVDpuppet/puppet12 versions+11

▶NVDpuppetlabs/puppet2.7.0, 2.7.1+1

Patches

Patch: groups.google.com ↗Patch: groups.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-fg2j-w8mh-wrmp: Directory traversal vulnerability in Puppet 2↗2022-05-14

▶

CVEList

CVE-2011-3848: Directory traversal vulnerability in Puppet 2↗2011-10-27

▶

OSV

CVE-2011-3848: Directory traversal vulnerability in Puppet 2↗2011-10-27

▶

📋Vendor Advisories

Ubuntu

Puppet vulnerability↗2011-09-29

▶

Red Hat

puppet: Directory traversal attack by processing certain x509 certificate signing requests↗2011-09-29

▶

Debian

CVE-2011-3848: puppet - Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before...↗2011

▶

💬Community

Bugzilla

CVE-2011-3870 CVE-2011-3869 CVE-2011-3871 CVE-2011-3848 puppet various flaws [fedora-all]↗2011-09-30

▶

Bugzilla

CVE-2011-3870 CVE-2011-3869 CVE-2011-3871 CVE-2011-3848 puppet various flaws [epel-all]↗2011-09-30

▶

Bugzilla

CVE-2011-3848 puppet: Directory traversal attack by processing certain x509 certificate signing requests↗2011-09-29

▶