Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-4q2x-bx9f-1qgn
Vulnerability ID VCID-4q2x-bx9f-1qgn
Aliases CVE-2012-3865
GHSA-g89m-3wjw-h857
Summary Puppet vulnerable to Path Traversal
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual LOW http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
generic_textual LOW http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
generic_textual LOW http://puppetlabs.com/security/cve/cve-2012-3865
epss 0.01176 https://api.first.org/data/v1/epss?cve=CVE-2012-3865
epss 0.01176 https://api.first.org/data/v1/epss?cve=CVE-2012-3865
epss 0.01176 https://api.first.org/data/v1/epss?cve=CVE-2012-3865
epss 0.01176 https://api.first.org/data/v1/epss?cve=CVE-2012-3865
generic_textual LOW https://bugzilla.redhat.com/show_bug.cgi?id=839131
cvssv3.1_qr LOW https://github.com/advisories/GHSA-g89m-3wjw-h857
generic_textual LOW https://github.com/puppetlabs/puppet
generic_textual LOW https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
generic_textual LOW https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2012-3865
generic_textual LOW https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
generic_textual LOW http://www.debian.org/security/2012/dsa-2511
generic_textual LOW http://www.ubuntu.com/usn/USN-1506-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
http://puppetlabs.com/security/cve/cve-2012-3865
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
https://api.first.org/data/v1/epss?cve=CVE-2012-3865
https://bugzilla.redhat.com/show_bug.cgi?id=839131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
http://secunia.com/advisories/50014
https://github.com/puppetlabs/puppet
https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
http://www.debian.org/security/2012/dsa-2511
http://www.ubuntu.com/usn/USN-1506-1
CVE-2012-3865 http://puppetlabs.com/security/cve/cve-2012-3865/
CVE-2012-3865 https://nvd.nist.gov/vuln/detail/CVE-2012-3865
CVE-2012-3865.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
CVE-2012-3865.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
GHSA-g89m-3wjw-h857 https://github.com/advisories/GHSA-g89m-3wjw-h857
RHSA-2012:1542 https://access.redhat.com/errata/RHSA-2012:1542
USN-1506-1 https://usn.ubuntu.com/1506-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.79124
EPSS Score 0.01176
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:23:48.135176+00:00 GHSA Importer Import https://github.com/advisories/GHSA-g89m-3wjw-h857 38.6.0