Lucene search

K

MitreCVELIST:CVE-2012-1988

HistoryMay 29, 2012 - 8:00 p.m.

CVE-2012-1988

2012-05-2920:00:00

mitre

www.cve.org

8

AI Score

6.9

Confidence

Low

EPSS

0.005

Percentile

75.6%

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.

References

lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html

projects.puppetlabs.com/issues/13518

projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

puppetlabs.com/security/cve/cve-2012-1988/

secunia.com/advisories/48743

secunia.com/advisories/48748

secunia.com/advisories/48789

secunia.com/advisories/49136

ubuntu.com/usn/usn-1419-1

www.debian.org/security/2012/dsa-2451

www.osvdb.org/81309

www.securityfocus.com/bid/52975

exchange.xforce.ibmcloud.com/vulnerabilities/74796

hermes.opensuse.org/messages/14523305

hermes.opensuse.org/messages/15087408

AI Score

6.9

Confidence

Low

EPSS

0.005

Percentile

75.6%

Related for CVELIST:CVE-2012-1988

cve1 osv2 rubygems1 nvd1 github1 debiancve1 prion1 ubuntucve1 fedora4 openvas17 nessus11 debian1 ubuntu1 gentoo1 freebsd1