3.3

CVE-2012-1906

EPSS 0.06%
Veröffentlicht 29.05.2012 20:55:07
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Puppet ≫ Puppet Version2.6.0

Puppet ≫ Puppet Version2.6.1

Puppet ≫ Puppet Version2.6.2

Puppet ≫ Puppet Version2.6.3

Puppet ≫ Puppet Version2.6.4

Puppet ≫ Puppet Version2.6.5

Puppet ≫ Puppet Version2.6.6

Puppet ≫ Puppet Version2.6.7

Puppet ≫ Puppet Version2.6.8

Puppet ≫ Puppet Version2.6.9

Puppet ≫ Puppet Version2.6.10

Puppet ≫ Puppet Version2.6.11

Puppet ≫ Puppet Version2.6.12

Puppet ≫ Puppet Version2.6.13

Puppet ≫ Puppet Version2.6.14

Puppet ≫ Puppet Version2.7.2

Puppet ≫ Puppet Version2.7.3

Puppet ≫ Puppet Version2.7.4

Puppet ≫ Puppet Version2.7.5

Puppet ≫ Puppet Version2.7.6

Puppet ≫ Puppet Version2.7.7

Puppet ≫ Puppet Version2.7.8

Puppet ≫ Puppet Version2.7.9

Puppet ≫ Puppet Version2.7.10

Puppet ≫ Puppet Version2.7.11

Puppet ≫ Puppet Enterprise Version2.5.0

Puppetlabs ≫ Puppet Version2.7.0

Puppetlabs ≫ Puppet Version2.7.1

Puppet ≫ Puppet Enterprise Version1.2.0

Puppet ≫ Puppet Enterprise Version1.2.1

Puppet ≫ Puppet Enterprise Version1.2.2

Puppet ≫ Puppet Enterprise Version1.2.3

Puppet ≫ Puppet Enterprise Version1.2.4

Puppet ≫ Puppet Enterprise Version2.0.0

Puppet ≫ Puppet Enterprise Version2.0.1

Puppet ≫ Puppet Enterprise Version2.0.2

Puppetlabs ≫ Puppet Enterprise Users Version1.0

Puppetlabs ≫ Puppet Enterprise Users Version1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.167

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	3.4	4.9	AV:L/AC:M/Au:N/C:N/I:P/A:P

http://projects.puppetlabs.com/issues/13260

Vendor Advisory

http://puppetlabs.com/security/cve/cve-2012-1906/

Vendor Advisory

http://secunia.com/advisories/48743

Vendor Advisory

http://secunia.com/advisories/48748

Vendor Advisory

http://secunia.com/advisories/48789

Vendor Advisory

http://ubuntu.com/usn/usn-1419-1

http://www.debian.org/security/2012/dsa-2451

http://www.securityfocus.com/bid/52975

https://exchange.xforce.ibmcloud.com/vulnerabilities/74793

https://nvd.nist.gov/vuln/detail/CVE-2012-1906

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1906

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1906

EUVD