DEBIAN-CVE-2012-1906

DEBIAN-CVE-2012-1906 PUBLISHED CVSS 8.600000381469727 HIGH

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:11	puppet	0, 0, 0

Timeline

May 29, 2012 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2012-1906 advisory

Open in Interactive Console →