CVE-2012-1986: Uncontrolled Resource Consumption in Puppet

Severity: 2.1 LOW (NVD)
EPSS: 0.4% (top 40.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 29; latest update May 14

Description

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allow remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

CVSS vector

AV:N/AC:H/C:P/I:N/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages (5 packages)

NVD: puppet/puppet_enterprise, 9 versions (+8)
Debian: puppet/puppet, < 2.7.13-1
NVD: puppet/puppet, 25 versions (+24)
NVD: puppetlabs/puppet, 2.7.0, 2.7.1 (+1)

🔴 Vulnerability Details (4)

GHSA: GHSA-2crf-gcjf-2wmp: Puppet 2 (2022-05-14)
GHSA: Puppet Denial of Service and Arbitrary File Write (2022-05-14)
CVEList: CVE-2012-1986: Puppet 2 (2012-05-29)
OSV: CVE-2012-1986: Puppet 2 (2012-05-29)

📋 Vendor Advisories (4)

Ubuntu: Puppet vulnerabilities (2012-04-11)
Red Hat: puppet: Filebucket arbitrary file read (2012-04-10)
Red Hat: puppet: Filebucket denial of service (2012-04-10)
Debian: CVE-2012-1986: puppet - Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) U... (2012)

💬 Community (4)

Bugzilla: CVE-2012-6617 qffmpeg/ffmpeg-spice: DoS via vectors related to the rtp format in ffserver.c (2013-12-26)
Bugzilla: CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 puppet various flaws [epel-all] (2012-04-16)
Bugzilla: CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 puppet various flaws [fedora-all] (2012-04-16)
Bugzilla: CVE-2012-1986 puppet: Filebucket arbitrary file read (2012-04-05)
CVE-2012-1986 — Uncontrolled Resource Consumption | cvebase