CVE-2012-1906 — Insecure Temporary File in Puppet

CWE-264 CWE-377 — Insecure Temporary File8 documents7 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 80.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Puppet Enterprise Puppetlabs Puppet +1 more

Timeline

PublishedMay 29

Latest updateMay 14

Description

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages6 packages

▶NVDpuppetlabs/puppet_enterprise_users1.0, 1.1+1

▶NVDpuppet/puppet_enterprise9 versions+8

▶RubyGemspuppet/puppet2.6 — 2.6.15+1

▶Debianpuppet/puppet< 2.7.13-1

▶NVDpuppet/puppet25 versions+24

🔴Vulnerability Details

GHSA

Puppet uses predictable filenames, allowing arbitrary file overwrite↗2022-05-14

▶

OSV

Puppet uses predictable filenames, allowing arbitrary file overwrite↗2022-05-14

▶

OSV

CVE-2012-1906: Puppet 2↗2012-05-29

▶

CVEList

CVE-2012-1906: Puppet 2↗2012-05-29

▶

📋Vendor Advisories

Red Hat

puppet: Puppet uses predictable filenames, allowing arbitrary file overwrite↗2012-05-29

▶

Ubuntu

Puppet vulnerabilities↗2012-04-11

▶

Debian

CVE-2012-1906: puppet - Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) U...↗2012

▶