2.1
CVE-2012-3866
- EPSS 0.05%
- Published 06.08.2012 16:55:06
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
Data is provided by the National Vulnerability Database (NVD)
Puppetlabs ≫ Puppet Version <= 2.7.17
Puppetlabs ≫ Puppet Version2.7.0
Puppetlabs ≫ Puppet Version2.7.1
Puppet ≫ Puppet Enterprise Version <= 2.5.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.125 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|