Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6yh9-mvds-f3ge
Vulnerability ID VCID-6yh9-mvds-f3ge
Aliases CVE-2012-3867
GHSA-q44r-f2hm-v76v
Summary Pupper does not properly restrict characters in Common Name field of Certificate Signing Request `lib/puppet/ssl/certificate_authority.rb` in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
generic_textual MODERATE http://puppetlabs.com/security/cve/cve-2012-3867
epss 0.01418 https://api.first.org/data/v1/epss?cve=CVE-2012-3867
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=839158
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-q44r-f2hm-v76v
generic_textual MODERATE https://github.com/puppetlabs/puppet
generic_textual MODERATE https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
generic_textual MODERATE https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-3867
generic_textual MODERATE https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2511
generic_textual MODERATE http://www.ubuntu.com/usn/USN-1506-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
http://puppetlabs.com/security/cve/cve-2012-3867
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
https://api.first.org/data/v1/epss?cve=CVE-2012-3867
https://bugzilla.redhat.com/show_bug.cgi?id=839158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
http://secunia.com/advisories/50014
https://github.com/puppetlabs/puppet
https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
https://nvd.nist.gov/vuln/detail/CVE-2012-3867
https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
http://www.debian.org/security/2012/dsa-2511
http://www.ubuntu.com/usn/USN-1506-1
CVE-2012-3867 http://puppetlabs.com/security/cve/cve-2012-3867/
GHSA-q44r-f2hm-v76v https://github.com/advisories/GHSA-q44r-f2hm-v76v
RHSA-2012:1542 https://access.redhat.com/errata/RHSA-2012:1542
USN-1506-1 https://usn.ubuntu.com/1506-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.80882
EPSS Score 0.01418
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:57:20.717687+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-q44r-f2hm-v76v/GHSA-q44r-f2hm-v76v.json 38.6.0