Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2012-08-06T16:00:00
Updated: 2014-10-08T14:57:01
Reserved: 2012-07-06T00:00:00
Link: CVE-2012-3865
JSON object: View
NVD Information
Status : Modified
Published: 2012-08-06T16:55:06.070
Modified: 2019-07-10T18:02:28.767
Link: CVE-2012-3865
JSON object: View
Redhat Information
No data.
CWE