Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2012-3867

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

Software From Fixed in
puppetlabs / puppet 2.7.0 2.7.0.x
puppetlabs / puppet 2.7.1 2.7.1.x
puppetlabs / puppet - 2.6.16.x
puppet / puppet 2.6.0 2.6.0.x
puppet / puppet 2.6.1 2.6.1.x
puppet / puppet 2.6.2 2.6.2.x
puppet / puppet 2.6.3 2.6.3.x
puppet / puppet 2.6.4 2.6.4.x
puppet / puppet 2.6.5 2.6.5.x
puppet / puppet 2.6.6 2.6.6.x
puppet / puppet 2.6.7 2.6.7.x
puppet / puppet 2.6.8 2.6.8.x
puppet / puppet 2.6.9 2.6.9.x
puppet / puppet 2.6.10 2.6.10.x
puppet / puppet 2.6.11 2.6.11.x
puppet / puppet 2.6.12 2.6.12.x
puppet / puppet 2.6.13 2.6.13.x
puppet / puppet 2.6.14 2.6.14.x
puppet / puppet 2.6.15 2.6.15.x
puppet / puppet 2.7.2 2.7.2.x
puppet / puppet 2.7.3 2.7.3.x
puppet / puppet 2.7.4 2.7.4.x
puppet / puppet 2.7.5 2.7.5.x
puppet / puppet 2.7.6 2.7.6.x
puppet / puppet 2.7.7 2.7.7.x
puppet / puppet 2.7.8 2.7.8.x
puppet / puppet 2.7.9 2.7.9.x
puppet / puppet 2.7.10 2.7.10.x
puppet / puppet 2.7.11 2.7.11.x
puppet / puppet 2.7.12 2.7.12.x
puppet / puppet 2.7.13 2.7.13.x
puppet / puppet 2.7.14 2.7.14.x
puppet / puppet 2.7.16 2.7.16.x
puppet / puppet 2.7.17 2.7.17.x
debian / debian_linux 6.0 6.0.x
canonical / ubuntu_linux 12.04 12.04.x
canonical / ubuntu_linux 11.04 11.04.x
canonical / ubuntu_linux 11.10 11.10.x
canonical / ubuntu_linux 10.04 10.04.x
suse / linux_enterprise_server 11-sp1 11-sp1.x
suse / linux_enterprise_desktop 11-sp1 11-sp1.x
suse / linux_enterprise_server 11-sp2 11-sp2.x
suse / linux_enterprise_desktop 11-sp2 11-sp2.x
opensuse / opensuse 11.4 11.4.x
opensuse / opensuse 12.1 12.1.x
puppet / puppet_enterprise - 2.5.1.x
puppet - 2.6.17
puppet 2.7.0 2.7.18