CVE-2011-3848 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Puppet	Puppet
Puppetlabs	Puppet

Configuration 1 [-]

OR	cpe:2.3:a:puppet:puppet:2.6.0:::::::*
	cpe:2.3:a:puppet:puppet:2.6.1:::::::*
	cpe:2.3:a:puppet:puppet:2.6.2:::::::*
	cpe:2.3:a:puppet:puppet:2.6.3:::::::*
	cpe:2.3:a:puppet:puppet:2.6.4:::::::*
	cpe:2.3:a:puppet:puppet:2.6.5:::::::*
	cpe:2.3:a:puppet:puppet:2.6.6:::::::*
	cpe:2.3:a:puppet:puppet:2.6.7:::::::*
	cpe:2.3:a:puppet:puppet:2.6.8:::::::*
	cpe:2.3:a:puppet:puppet:2.6.9:::::::*
	cpe:2.3:a:puppet:puppet:2.7.2:::::::*
	cpe:2.3:a:puppet:puppet:2.7.3:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.0:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.1:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2011-10/msg00033.html
http://puppetlabs.com/security/cve/cve-2011-3848/
http://secunia.com/advisories/46628
http://www.debian.org/security/2011/dsa-2314
http://www.ubuntu.com/usn/USN-1217-1
https://groups.google.com/group/puppet-announce/browse_thread/thread/e57ce2740feb9406
https://nvd.nist.gov/vuln/detail/CVE-2011-3848
https://puppet.com/security/cve/cve-2011-3848
https://www.cve.org/CVERecord?id=CVE-2011-3848

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-10-27T20:00:00

Updated: 2024-08-06T23:46:03.204Z

Reserved: 2011-09-27T00:00:00

Link: CVE-2011-3848

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-10-27T20:55:01.230

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-3848

Redhat

Severity : Moderate

Publid Date: 2011-09-29T00:00:00Z

Links: CVE-2011-3848 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-08T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-2314", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2314"}, {"name": "openSUSE-SU-2011:1190", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00033.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://groups.google.com/group/puppet-announce/browse_thread/thread/e57ce2740feb9406"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/cve-2011-3848"}, {"name": "USN-1217-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1217-1"}, {"name": "46628", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46628"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3848", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-2314", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2314"}, {"name": "openSUSE-SU-2011:1190", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00033.html"}, {"name": "https://groups.google.com/group/puppet-announce/browse_thread/thread/e57ce2740feb9406", "refsource": "CONFIRM", "url": "https://groups.google.com/group/puppet-announce/browse_thread/thread/e57ce2740feb9406"}, {"name": "https://puppet.com/security/cve/cve-2011-3848", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2011-3848"}, {"name": "USN-1217-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1217-1"}, {"name": "46628", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46628"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:46:03.204Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-2314", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2314"}, {"name": "openSUSE-SU-2011:1190", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00033.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://groups.google.com/group/puppet-announce/browse_thread/thread/e57ce2740feb9406"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/cve-2011-3848"}, {"name": "USN-1217-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1217-1"}, {"name": "46628", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46628"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3848", "datePublished": "2011-10-27T20:00:00", "dateReserved": "2011-09-27T00:00:00", "dateUpdated": "2024-08-06T23:46:03.204Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BEF50EE-4E4B-4641-BA34-B5024F1EF683", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CC72248-FD33-4CA0-A16E-0A174A864257", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CEFB16E-261F-4B81-BCBE-536CAD2EC44B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "652D28FC-7133-4C5F-95D9-3468548465B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AEEEE59D-BC0E-4107-B55D-9B182825E557", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4ED400E-48F7-475B-A87C-A14EC63DD93D", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D827D4C2-7438-4EDD-9025-38D46CD5153C", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "E73C341A-6C07-4820-B1D3-4616B634F380", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "61381D4C-972F-4979-84D2-793E4C60E23E", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "7D8C2A71-0277-4426-8627-D6FD275EFC62", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "BE56BA6B-BDC4-431E-81FD-D7ED5E8783E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDDDFB28-1971-4CCD-93D2-ABC08FE67F4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E5192CB-094F-469E-A644-2255C4F44804", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D17D2752-CB0D-4CC8-8604-FEBF8DEE16E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en Puppet v2.6.x antes de v2.6.10 y v2.7.x antes de v2.7.4, permite a atacantes remotos escribir Certificate Signing Request (CSR) X.509 en ubicaciones de su elecci\u00f3n a trav\u00e9s de (1) un par\u00e1metro clave de doble codificaci\u00f3n en la URI en v2.7.x, (2) el CN en el Subject de un CSR en v2.6 y v0.25."}], "id": "CVE-2011-3848", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-10-27T20:55:01.230", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00033.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46628"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2314"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1217-1"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://groups.google.com/group/puppet-announce/browse_thread/thread/e57ce2740feb9406"}, {"source": "cve@mitre.org", "url": "https://puppet.com/security/cve/cve-2011-3848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2314"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1217-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://groups.google.com/group/puppet-announce/browse_thread/thread/e57ce2740feb9406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://puppet.com/security/cve/cve-2011-3848"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}