Lucene search
HistoryApr 10, 2013 - 3:55 p.m.
CVE-2012-6120
red hat openstack
openstack essex
openstack folsom
vulnerability
cve-2012-6120
nvd
information security
permissions
sensitive information
local users
puppet
log files
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.
Affected configurations
Node
redhatopenstack_essexMatch-
ORredhatopenstack_folsomMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:openstack_essex | redhat openstack essex | eq | - |
| redhat:openstack_folsom | redhat openstack folsom | eq | - |
Related
nvd
nvd
CVE-2012-6120
2013-04-10 15:55:04
ubuntucve
ubuntucve
CVE-2012-6120
2013-04-10 00:00:00
prion
prion
Code injection
2013-04-10 15:55:00
openvas
openvas
Debian: Security Advisory (DLA-29-1)
2023-03-08 00:00:00
Gentoo Security Advisory GLSA 201308-04
2015-09-29 00:00:00
nessus
nessus
Debian DLA-29-1 : puppet security update
2015-03-26 00:00:00
GLSA-201308-04 : Puppet: Multiple vulnerabilities
2013-08-25 00:00:00
debian
debian
[DLA 29-1] puppet security update
2014-08-01 11:13:53
veracode
veracode
Information Disclosure
2019-01-15 08:51:31
cvelist
cvelist
CVE-2012-6120
2013-04-10 15:00:00
debiancve
debiancve
CVE-2012-6120
2013-04-10 15:55:04
redhat
redhat
(RHSA-2013:0710) Important: puppet security update
2013-04-04 00:00:00
gentoo
gentoo
Puppet: Multiple vulnerabilities
2013-08-23 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2012-6120