Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-fp2b-81ug-2qhe
Vulnerability ID VCID-fp2b-81ug-2qhe
Aliases CVE-2011-3869
GHSA-8c56-v25w-f89c
Summary Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-3869
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-3869
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-3869
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-3869
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8c56-v25w-f89c
generic_textual MODERATE https://github.com/puppetlabs/puppet
generic_textual MODERATE https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
generic_textual MODERATE https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-3869
generic_textual MODERATE https://puppet.com/security/cve/cve-2011-3869
generic_textual MODERATE http://www.debian.org/security/2011/dsa-2314
generic_textual MODERATE http://www.ubuntu.com/usn/USN-1223-1
generic_textual MODERATE http://www.ubuntu.com/usn/USN-1223-2
Reference id Reference type URL
http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
https://github.com/puppetlabs/puppet
https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
https://nvd.nist.gov/vuln/detail/CVE-2011-3869
https://puppet.com/security/cve/cve-2011-3869
http://www.debian.org/security/2011/dsa-2314
http://www.ubuntu.com/usn/USN-1223-1
http://www.ubuntu.com/usn/USN-1223-2
742645 https://bugzilla.redhat.com/show_bug.cgi?id=742645
GHSA-8c56-v25w-f89c https://github.com/advisories/GHSA-8c56-v25w-f89c
GLSA-201203-03 https://security.gentoo.org/glsa/201203-03
USN-1223-1 https://usn.ubuntu.com/1223-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.13191
EPSS Score 0.00042
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:58:02.263283+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201203-03 38.6.0