CVE-2012-1989 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-1989 PUBLISHED CVSS 3.5999999046325684 LOW

Puppet allows local users to overwrite arbitrary files via a symlink attack

EPSS 0.06% · 18.2th percentile

Risk Scores

CVSS v2.0

3.5999999046325684

EPSS Score

0.06%

18.2th percentile

Affected Products

Vendor	Product	Versions
puppet	puppet	2.7.12, 2.7.3, 2.7.4
puppet	puppet_enterprise	2.0.1, 2.5.0, 2.0.2
n/a	n/a	n/a
puppetlabs	puppet	2.7.1, 2.7.0
RubyGems	puppet	2.7.1

Timeline

Jun 27, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

http://projects.puppetlabs.com/issues/13606 url
USN-1419-1 vendor-advisory
http://puppetlabs.com/security/cve/cve-2012-1989/ url
48743 third-party-advisory
puppet-nettelnet-symlink(74797) vdb
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13 url
49136 third-party-advisory
52975 vdb
openSUSE-SU-2012:0608 vendor-advisory
48748 third-party-advisory
openSUSE-SU-2012:0835 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2012-1989 advisory
https://github.com/puppetlabs/puppet package
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml url
https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975 url
https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access url
http://puppetlabs.com/security/cve/cve-2012-1989 url

Open in Interactive Console →