Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-1988
HistoryApr 11, 2012 - 12:00 a.m.

CVE-2012-1988

2012-04-1100:00:00
ubuntu.com
ubuntu.com
12

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS

0.005

Percentile

75.6%

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise
(PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote
authenticated users with agent SSL keys and file-creation permissions on
the puppet master to execute arbitrary commands by creating a file whose
full pathname contains shell metacharacters, then performing a filebucket
request.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchpuppet< 0.25.4-2ubuntu6.7UNKNOWN
ubuntu11.04noarchpuppet< 2.6.4-2ubuntu2.9UNKNOWN
ubuntu11.10noarchpuppet< 2.7.1-1ubuntu3.6UNKNOWN

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS

0.005

Percentile

75.6%