Lucene search

CVE-2012-1906

🗓️ 29 May 2012 20:07:55Reported by Debian Security Bug TrackerType

debiancve🔗 security-tracker.debian.org👁 21 Views

Puppet versions 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 have predictable file names when installing Mac OS X packages, allowing local users to install arbitrary packages or overwrite files via symlink attacks in /tmp

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 25
Cvelist	CVE-2012-1906	29 May 201220:00	–	cvelist
NVD	CVE-2012-1906	29 May 201220:55	–	nvd
OSV	Puppet uses predictable filenames, allowing arbitrary file overwrite	14 May 202200:56	–	osv
OSV	puppet - several	13 Apr 201200:00	–	osv
UbuntuCve	CVE-2012-1906	11 Apr 201200:00	–	ubuntucve
CVE	CVE-2012-1906	29 May 201220:55	–	cve
Prion	Code injection	29 May 201220:55	–	prion
Github Security Blog	Puppet uses predictable filenames, allowing arbitrary file overwrite	14 May 202200:56	–	github
RubySec	Puppet uses predictable filenames, allowing arbitrary file overwrite	28 May 201220:00	–	rubygems
OpenVAS	Debian Security Advisory DSA 2451-1 (puppet)	30 Apr 201200:00	–	openvas

OS	OS Version	Architecture	Package	Package Version	Filename
Debian	11	all	puppet	2.7.13-1	puppet_2.7.13-1_all.deb

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 May 2012 20:55Current

6.2Medium risk

Vulners AI Score6.2

CVSS23.3

EPSS0.00063