CVE-2012-3865
Publication date 12 July 2012
Last updated 24 July 2024
Ubuntu priority
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
References
Related Ubuntu Security Notices (USN)
- USN-1506-1
- Puppet vulnerabilities
- 12 July 2012