Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-08-06T16:00:00
Updated: 2024-08-06T20:21:04.052Z
Reserved: 2012-07-06T00:00:00
Link: CVE-2012-3865
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-08-06T16:55:06.070
Modified: 2024-11-21T01:41:45.757
Link: CVE-2012-3865
Redhat