Vulnerability details: VCID-75gs-2gu3-6udx
Vulnerability ID VCID-75gs-2gu3-6udx
Aliases CVE-2012-3865
GHSA-g89m-3wjw-h857
Summary Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
System Score Found at
generic_textual LOW http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
generic_textual LOW http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
generic_textual LOW http://puppetlabs.com/security/cve/cve-2012-3865
epss 0.01176 https://api.first.org/data/v1/epss?cve=CVE-2012-3865
epss 0.0215 https://api.first.org/data/v1/epss?cve=CVE-2012-3865
generic_textual LOW https://bugzilla.redhat.com/show_bug.cgi?id=839131
cvssv3.1_qr LOW https://github.com/advisories/GHSA-g89m-3wjw-h857
generic_textual LOW https://github.com/puppetlabs/puppet
generic_textual LOW https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
generic_textual LOW https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2012-3865
generic_textual LOW https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
generic_textual LOW http://www.debian.org/security/2012/dsa-2511
generic_textual LOW http://www.ubuntu.com/usn/USN-1506-1
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.78679
EPSS Score 0.01176
Published At April 7, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:47:25.118561+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/puppet/CVE-2012-3865.yml 38.0.0