2.1

CVE-2012-1986

EPSS 0.37%
Veröffentlicht 29.05.2012 20:55:07
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Puppet ≫ Puppet Version2.6.0

Puppet ≫ Puppet Version2.6.1

Puppet ≫ Puppet Version2.6.2

Puppet ≫ Puppet Version2.6.3

Puppet ≫ Puppet Version2.6.4

Puppet ≫ Puppet Version2.6.5

Puppet ≫ Puppet Version2.6.6

Puppet ≫ Puppet Version2.6.7

Puppet ≫ Puppet Version2.6.8

Puppet ≫ Puppet Version2.6.9

Puppet ≫ Puppet Version2.6.10

Puppet ≫ Puppet Version2.6.11

Puppet ≫ Puppet Version2.6.12

Puppet ≫ Puppet Version2.6.13

Puppet ≫ Puppet Version2.6.14

Puppet ≫ Puppet Version2.7.2

Puppet ≫ Puppet Version2.7.3

Puppet ≫ Puppet Version2.7.4

Puppet ≫ Puppet Version2.7.5

Puppet ≫ Puppet Version2.7.6

Puppet ≫ Puppet Version2.7.7

Puppet ≫ Puppet Version2.7.8

Puppet ≫ Puppet Version2.7.9

Puppet ≫ Puppet Version2.7.10

Puppet ≫ Puppet Version2.7.11

Puppet ≫ Puppet Enterprise Version2.5.0

Puppetlabs ≫ Puppet Version2.7.0

Puppetlabs ≫ Puppet Version2.7.1

Puppet ≫ Puppet Enterprise Version1.2.0

Puppet ≫ Puppet Enterprise Version1.2.1

Puppet ≫ Puppet Enterprise Version1.2.2

Puppet ≫ Puppet Enterprise Version1.2.3

Puppet ≫ Puppet Enterprise Version1.2.4

Puppet ≫ Puppet Enterprise Version2.0.0

Puppet ≫ Puppet Enterprise Version2.0.1

Puppet ≫ Puppet Enterprise Version2.0.2

Puppetlabs ≫ Puppet Enterprise Users Version1.0

Puppetlabs ≫ Puppet Enterprise Users Version1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.582

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:N/AC:H/Au:S/C:P/I:N/A:N

https://hermes.opensuse.org/messages/15087408

http://secunia.com/advisories/48743

Vendor Advisory

http://secunia.com/advisories/48748

Vendor Advisory

http://secunia.com/advisories/48789

Vendor Advisory

http://ubuntu.com/usn/usn-1419-1

http://www.debian.org/security/2012/dsa-2451

http://www.securityfocus.com/bid/52975

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html

http://projects.puppetlabs.com/issues/13511

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

http://puppetlabs.com/security/cve/cve-2012-1986/

Vendor Advisory

http://secunia.com/advisories/49136

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/74794

https://hermes.opensuse.org/messages/14523305

https://nvd.nist.gov/vuln/detail/CVE-2012-1986

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1986

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1986

EUVD