CVE Vulnerabilities

CVE-2012-3867

Published: Aug 06, 2012 | Modified: Jul 10, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

Affected Software

Name Vendor Start Version End Version
Puppet Puppetlabs 2.7.0 2.7.0
Puppet Puppetlabs 2.7.1 2.7.1
Puppet Puppetlabs * 2.6.16
Puppet Puppet 2.6.0 2.6.0
Puppet Puppet 2.6.1 2.6.1
Puppet Puppet 2.6.2 2.6.2
Puppet Puppet 2.6.3 2.6.3
Puppet Puppet 2.6.4 2.6.4
Puppet Puppet 2.6.5 2.6.5
Puppet Puppet 2.6.6 2.6.6
Puppet Puppet 2.6.7 2.6.7
Puppet Puppet 2.6.8 2.6.8
Puppet Puppet 2.6.9 2.6.9
Puppet Puppet 2.6.10 2.6.10
Puppet Puppet 2.6.11 2.6.11
Puppet Puppet 2.6.12 2.6.12
Puppet Puppet 2.6.13 2.6.13
Puppet Puppet 2.6.14 2.6.14
Puppet Puppet 2.6.15 2.6.15
Puppet Puppet 2.7.2 2.7.2
Puppet Puppet 2.7.3 2.7.3
Puppet Puppet 2.7.4 2.7.4
Puppet Puppet 2.7.5 2.7.5
Puppet Puppet 2.7.6 2.7.6
Puppet Puppet 2.7.7 2.7.7
Puppet Puppet 2.7.8 2.7.8
Puppet Puppet 2.7.9 2.7.9
Puppet Puppet 2.7.10 2.7.10
Puppet Puppet 2.7.11 2.7.11
Puppet Puppet 2.7.12 2.7.12
Puppet Puppet 2.7.13 2.7.13
Puppet Puppet 2.7.14 2.7.14
Puppet Puppet 2.7.16 2.7.16
Puppet Puppet 2.7.17 2.7.17

References