V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2012-1906
DEB
Medium

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses pr…

CVSS
5.5
Medium
EPSS
0.00
p26
Published
2012-01-01
Updated
2012-01-01
Description

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.

Tags · CWE
LPE
CWE-264
Affected products
Puppet
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Timeline
2012-01-01
Published
2012-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: R
Required (R)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: H
High (H)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.004 · p26
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
puppetTracked
puppetTracked
puppet*Tracked
puppet*Tracked
puppet_enterprise*Tracked
puppet_enterprise*Tracked
puppet_enterprise_users*Tracked
Source databases
DEB
CVE
UBU
Related vulnerabilities