2.1

CVE-2012-1986

EPSS 0.37%
Published 29.05.2012 20:55:07
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

Affected products Warnungen 0 Metrics 2 CWE 0 References 19

Data is provided by the National Vulnerability Database (NVD)

Puppet ≫ Puppet Version2.6.0

Puppet ≫ Puppet Version2.6.1

Puppet ≫ Puppet Version2.6.2

Puppet ≫ Puppet Version2.6.3

Puppet ≫ Puppet Version2.6.4

Puppet ≫ Puppet Version2.6.5

Puppet ≫ Puppet Version2.6.6

Puppet ≫ Puppet Version2.6.7

Puppet ≫ Puppet Version2.6.8

Puppet ≫ Puppet Version2.6.9

Puppet ≫ Puppet Version2.6.10

Puppet ≫ Puppet Version2.6.11

Puppet ≫ Puppet Version2.6.12

Puppet ≫ Puppet Version2.6.13

Puppet ≫ Puppet Version2.6.14

Puppet ≫ Puppet Version2.7.2

Puppet ≫ Puppet Version2.7.3

Puppet ≫ Puppet Version2.7.4

Puppet ≫ Puppet Version2.7.5

Puppet ≫ Puppet Version2.7.6

Puppet ≫ Puppet Version2.7.7

Puppet ≫ Puppet Version2.7.8

Puppet ≫ Puppet Version2.7.9

Puppet ≫ Puppet Version2.7.10

Puppet ≫ Puppet Version2.7.11

Puppet ≫ Puppet Enterprise Version2.5.0

Puppetlabs ≫ Puppet Version2.7.0

Puppetlabs ≫ Puppet Version2.7.1

Puppet ≫ Puppet Enterprise Version1.2.0

Puppet ≫ Puppet Enterprise Version1.2.1

Puppet ≫ Puppet Enterprise Version1.2.2

Puppet ≫ Puppet Enterprise Version1.2.3

Puppet ≫ Puppet Enterprise Version1.2.4

Puppet ≫ Puppet Enterprise Version2.0.0

Puppet ≫ Puppet Enterprise Version2.0.1

Puppet ≫ Puppet Enterprise Version2.0.2

Puppetlabs ≫ Puppet Enterprise Users Version1.0

Puppetlabs ≫ Puppet Enterprise Users Version1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.37%	0.582

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:N/AC:H/Au:S/C:P/I:N/A:N

https://hermes.opensuse.org/messages/15087408

http://secunia.com/advisories/48743

Vendor Advisory

http://secunia.com/advisories/48748

Vendor Advisory

http://secunia.com/advisories/48789

Vendor Advisory

http://ubuntu.com/usn/usn-1419-1

http://www.debian.org/security/2012/dsa-2451

http://www.securityfocus.com/bid/52975

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html

http://projects.puppetlabs.com/issues/13511

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

http://puppetlabs.com/security/cve/cve-2012-1986/

Vendor Advisory

http://secunia.com/advisories/49136

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/74794

https://hermes.opensuse.org/messages/14523305

https://nvd.nist.gov/vuln/detail/CVE-2012-1986

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1986

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1986

EUVD