CVE-2012-1054 — Puppet vulnerability

CWE-26413 documents8 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 78.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Puppet Enterprise Puppetlabs Puppet +1 more

Timeline

PublishedMay 29

Latest updateMay 14

Description

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages5 packages

▶NVDpuppetlabs/puppet_enterprise_users1.0, 1.1+1

▶NVDpuppet/puppet_enterprise8 versions+7

▶Debianpuppet/puppet< 2.7.11-1

▶NVDpuppet/puppet23 versions+22

▶NVDpuppetlabs/puppet2.7.0, 2.7.1+1

🔴Vulnerability Details

GHSA

GHSA-9v7j-xc2x-vpx6: Puppet 2↗2022-05-14

▶

CVEList

CVE-2012-1054: Puppet 2↗2012-05-29

▶

OSV

CVE-2012-1054: Puppet 2↗2012-05-29

▶

📋Vendor Advisories

Ubuntu

Puppet vulnerabilities↗2012-02-23

▶

Red Hat

Puppet 2.6.13 Klogin File Handling Issue↗2012-02-22

▶

Debian

CVE-2012-1054: puppet - Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) U...↗2012

▶

💬Community

Bugzilla

CVE-2012-2088 libtiff: Type conversion flaw leading to heap-buffer overflow↗2012-06-18

▶

Bugzilla

CVE-2012-1053 CVE-2012-1054 rhc-server various flaws [openshift-express-1]↗2012-04-03

▶

Bugzilla

CVE-2012-1053 CVE-2012-1054 puppet various flaws [epel-all]↗2012-03-10

▶

Bugzilla

CVE-2011-3872 CVE-2012-1053 CVE-2012-1054 puppet various flaws [fedora-all]↗2012-03-10

▶

Bugzilla

CVE-2012-1053 Puppet 2.6.13 group ID handling issues↗2012-02-15

▶