VDB

DEBIAN-CVE-2011-3848

DEBIAN-CVE-2011-3848 PUBLISHED CVSS 8.699999809265137 HIGH

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.

Risk Scores

CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Debian:11puppet0, 0, 0

Timeline

  • Oct 27, 2011 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›