CVE-2012-1906 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-1906 PUBLISHED CVSS 3.299999952316284 LOW

Puppet uses predictable filenames, allowing arbitrary file overwrite

EPSS 0.06% · 19.7th percentile

Risk Scores

CVSS v2.0

3.299999952316284

EPSS Score

0.06%

19.7th percentile

Affected Products

Vendor	Product	Versions
RubyGems	puppet	2.7, 2.6
puppetlabs	puppet_enterprise_users	1.0, 1.1
n/a	n/a	n/a
puppet	puppet_enterprise	1.2.3, 1.2.4, 2.0.0
puppetlabs	puppet	2.7.0, 2.7.1
puppet	puppet	2.7.2, 2.7.3, 2.7.4

Timeline

May 29, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

http://projects.puppetlabs.com/issues/13260 url
USN-1419-1 vendor-advisory
48743 third-party-advisory
puppet-macosx-symlink(74793) vdb
http://puppetlabs.com/security/cve/cve-2012-1906/ url
52975 vdb
48748 third-party-advisory
DSA-2451 vendor-advisory
48789 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2012-1906 advisory
https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f url
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml url
https://ubuntu.com/usn/usn-1419-1 url
https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975 url
https://www.debian.org/security/2012/dsa-2451 url
http://puppetlabs.com/security/cve/cve-2012-1906 url

Open in Interactive Console →