Lucene search

K

MitreCVELIST:CVE-2012-1986

HistoryMay 29, 2012 - 8:00 p.m.

CVE-2012-1986

2012-05-2920:00:00

mitre

www.cve.org

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

65.1%

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

References

lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html

projects.puppetlabs.com/issues/13511

projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

puppetlabs.com/security/cve/cve-2012-1986/

secunia.com/advisories/48743

secunia.com/advisories/48748

secunia.com/advisories/48789

secunia.com/advisories/49136

ubuntu.com/usn/usn-1419-1

www.debian.org/security/2012/dsa-2451

www.securityfocus.com/bid/52975

exchange.xforce.ibmcloud.com/vulnerabilities/74794

hermes.opensuse.org/messages/14523305

hermes.opensuse.org/messages/15087408

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

65.1%

Related for CVELIST:CVE-2012-1986

cve2 nessus12 amazon1 debiancve2 nvd2 openvas18 ubuntucve2 veracode1 prion2 rubygems1 osv2 github1 cvelist1 fedora4 debian1 gentoo1 freebsd1 ubuntu1