CVE-2012-1989 — Vulnetix

CVE-2012-1989 PUBLISHED CVSS 3.5999999046325684 LOW

Puppet allows local users to overwrite arbitrary files via a symlink attack

EPSS 0.06% · 18.5th percentile

Risk Scores

CVSS 2.0

3.5999999046325684

EPSS Score

0.06%

18.5th percentile

Affected Products

Vendor	Product	Versions
puppet	puppet	2.7.10, 2.7.11, 2.7.8
puppet	puppet_enterprise	1.2.4, 1.2.0, 2.0.0
n/a	n/a	n/a
puppetlabs	puppet	2.7.0, 2.7.1
RubyGems	puppet	2.7.1

Exploit Intelligence

http://projects.puppetlabs.com/issues/13606 (circl)
USN-1419-1 (circl)
http://puppetlabs.com/security/cve/cve-2012-1989/ (circl)
48743 (circl)
puppet-nettelnet-symlink(74797) (circl)
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13 (circl)
49136 (circl)
52975 (circl)
openSUSE-SU-2012:0608 (circl)
48748 (circl)

…and 1 more exploits

Timeline

Jun 27, 2012 CVE Published
Sep 8, 2021 CVE Updated
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score

References

http://projects.puppetlabs.com/issues/13606 url
USN-1419-1 vendor-advisory
http://puppetlabs.com/security/cve/cve-2012-1989/ url
48743 third-party-advisory
puppet-nettelnet-symlink(74797) vdb
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13 url
49136 third-party-advisory
52975 vdb
openSUSE-SU-2012:0608 vendor-advisory
48748 third-party-advisory
openSUSE-SU-2012:0835 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2012-1989 advisory
https://github.com/puppetlabs/puppet package
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml url
https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975 url
https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access url
http://puppetlabs.com/security/cve/cve-2012-1989 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›