3.3
CVE-2012-1906
- EPSS 0.06%
- Published 29.05.2012 20:55:07
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.
Data is provided by the National Vulnerability Database (NVD)
Puppet ≫ Puppet Enterprise Version2.5.0
Puppetlabs ≫ Puppet Version2.7.0
Puppetlabs ≫ Puppet Version2.7.1
Puppet ≫ Puppet Enterprise Version1.2.0
Puppet ≫ Puppet Enterprise Version1.2.1
Puppet ≫ Puppet Enterprise Version1.2.2
Puppet ≫ Puppet Enterprise Version1.2.3
Puppet ≫ Puppet Enterprise Version1.2.4
Puppet ≫ Puppet Enterprise Version2.0.0
Puppet ≫ Puppet Enterprise Version2.0.1
Puppet ≫ Puppet Enterprise Version2.0.2
Puppetlabs ≫ Puppet Enterprise Users Version1.0
Puppetlabs ≫ Puppet Enterprise Users Version1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.167 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 3.4 | 4.9 |
AV:L/AC:M/Au:N/C:N/I:P/A:P
|