CVE-2011-3848

Priority
Description
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x
before 2.7.4 allows remote attackers to write X.509 Certificate Signing
Request (CSR) to arbitrary locations via (1) a double-encoded key parameter
in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.
Assigned-to
jdstrand
Notes
Package
Upstream:pending (2.6.10, 2.7.4)
More Information

Updated: 2019-12-05 20:57:56 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)