CVE-2011-3848
published 2011-10-27CVE-2011-3848: Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR)…
medium5CVSS 3.1
AVNACLAuNCNIPAN
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | < puppet 2.7.3-2 (bullseye) | puppet 2.7.3-2 (bullseye) |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | >= 0 < 2.7.3-2 | 2.7.3-2 |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM