CVE-2012-1988

2012-05-2920:55:08

CWE-78

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.005

Percentile

75.6%

JSON

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.

Affected configurations

Nvd

Node

puppetpuppetRange2.6.0–2.6.15

puppetpuppetRange2.7.0–2.7.13

Node

puppetpuppet_enterpriseRange1.2.0–2.5.1

puppetpuppet_enterpriseMatch1.0

puppetpuppet_enterpriseMatch1.1

Node

fedoraprojectfedoraMatch15

fedoraprojectfedoraMatch16

fedoraprojectfedoraMatch17

Node

debiandebian_linuxMatch6.0

debiandebian_linuxMatch7.0

Node

canonicalubuntu_linuxMatch10.04

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

VendorProductVersionCPE
puppetpuppet*cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*
puppetpuppet_enterprise*cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
puppetpuppet_enterprise1.0cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*
puppetpuppet_enterprise1.1cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:*
fedoraprojectfedora15cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
fedoraprojectfedora16cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
fedoraprojectfedora17cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
debiandebian_linux6.0cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
puppet	puppet	*	cpe:2.3:a:puppet:puppet::::::::
puppet	puppet_enterprise	*	cpe:2.3:a:puppet:puppet_enterprise::::::::
puppet	puppet_enterprise	1.0	cpe:2.3:a:puppet:puppet_enterprise:1.0:::::::*
puppet	puppet_enterprise	1.1	cpe:2.3:a:puppet:puppet_enterprise:1.1:::::::*
fedoraproject	fedora	15	cpe:2.3:o:fedoraproject:fedora:15:::::::*
fedoraproject	fedora	16	cpe:2.3:o:fedoraproject:fedora:16:::::::*
fedoraproject	fedora	17	cpe:2.3:o:fedoraproject:fedora:17:::::::*
debian	debian_linux	6.0	cpe:2.3:o:debian:debian_linux:6.0:::::::*
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04:::::::*