Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-4t5v-6zvp-yyax
Vulnerability ID VCID-4t5v-6zvp-yyax
Aliases CVE-2012-3867
GHSA-q44r-f2hm-v76v
Summary Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
generic_textual MODERATE http://puppetlabs.com/security/cve/cve-2012-3867
epss 0.01418 https://api.first.org/data/v1/epss?cve=CVE-2012-3867
epss 0.01418 https://api.first.org/data/v1/epss?cve=CVE-2012-3867
epss 0.01418 https://api.first.org/data/v1/epss?cve=CVE-2012-3867
epss 0.01418 https://api.first.org/data/v1/epss?cve=CVE-2012-3867
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=839158
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-q44r-f2hm-v76v
generic_textual MODERATE https://github.com/puppetlabs/puppet
generic_textual MODERATE https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
generic_textual MODERATE https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-3867
generic_textual MODERATE https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2511
generic_textual MODERATE http://www.ubuntu.com/usn/USN-1506-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
http://puppetlabs.com/security/cve/cve-2012-3867
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
https://api.first.org/data/v1/epss?cve=CVE-2012-3867
https://bugzilla.redhat.com/show_bug.cgi?id=839158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
http://secunia.com/advisories/50014
https://github.com/puppetlabs/puppet
https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
http://www.debian.org/security/2012/dsa-2511
http://www.ubuntu.com/usn/USN-1506-1
CVE-2012-3867 http://puppetlabs.com/security/cve/cve-2012-3867/
CVE-2012-3867 https://nvd.nist.gov/vuln/detail/CVE-2012-3867
CVE-2012-3867-INSUFFICIENT-INPUT-VALIDATION https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
CVE-2012-3867.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
GHSA-q44r-f2hm-v76v https://github.com/advisories/GHSA-q44r-f2hm-v76v
RHSA-2012:1542 https://access.redhat.com/errata/RHSA-2012:1542
USN-1506-1 https://usn.ubuntu.com/1506-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.80998
EPSS Score 0.01418
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:23:51.352531+00:00 GHSA Importer Import https://github.com/advisories/GHSA-q44r-f2hm-v76v 38.6.0