CVE-2012-1906 — Vulnetix

CVE-2012-1906 PUBLISHED CVSS 3.299999952316284 LOW

Puppet uses predictable filenames, allowing arbitrary file overwrite

EPSS 0.06% · 20.0th percentile

Risk Scores

CVSS 2.0

3.299999952316284

EPSS Score

0.06%

20.0th percentile

Affected Products

Vendor	Product	Versions
RubyGems	puppet	2.7, 2.6
puppetlabs	puppet_enterprise_users	1.1, 1.0
n/a	n/a	*
puppet	puppet_enterprise	2.0.0, 2.0.2, 1.2.4
puppetlabs	puppet	2.7.0, 2.7.1
puppet	puppet	2.7.6, 2.7.7, 2.7.8

Exploit Intelligence

http://projects.puppetlabs.com/issues/13260 (circl)
USN-1419-1 (circl)
48743 (circl)
puppet-macosx-symlink(74793) (circl)
http://puppetlabs.com/security/cve/cve-2012-1906/ (circl)
52975 (circl)
48748 (circl)
DSA-2451 (circl)
48789 (circl)

Timeline

May 29, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

http://projects.puppetlabs.com/issues/13260 url
USN-1419-1 vendor-advisory
48743 third-party-advisory
puppet-macosx-symlink(74793) vdb
http://puppetlabs.com/security/cve/cve-2012-1906/ url
52975 vdb
48748 third-party-advisory
DSA-2451 vendor-advisory
48789 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2012-1906 advisory
https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f url
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml url
https://ubuntu.com/usn/usn-1419-1 url
https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975 url
https://www.debian.org/security/2012/dsa-2451 url
http://puppetlabs.com/security/cve/cve-2012-1906 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›