CVE-2012-1989
published 2012-06-27CVE-2012-1989: telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a…
low3.6CVSS 3.1
AVLACLAuNCNIPAP
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | < puppet 2.7.13-1 (bullseye) | puppet 2.7.13-1 (bullseye) |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | >= 0 < 2.7.13-1 | 2.7.13-1 |
| puppet | puppet | >= 2.7.1 < 2.7.13 | 2.7.13 |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
CVSS provenance
nvd3.6LOWAV:L/AC:L/Au:N/C:N/I:P/A:P
osv3.6LOW