V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2012-1989
DEB
Low

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arb…

CVSS
1.9
Low
EPSS
0.00
p31
Published
2012-01-01
Updated
2012-01-01
Description

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).

Tags · CWE
LPE
CWE-264
CWE-377
CAPEC-149
CAPEC-155
Affected products
Puppet
CVSS vector
AV:L/AC:M/Au:N/C:N/I:P/A:N
Timeline
2012-01-01
Published
2012-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: M
Medium
Authentication
Au: N
None (N)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: P
Partial
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.004 · p31
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
puppetTracked
puppetTracked
puppetTracked
puppet*Tracked
puppet_enterprise*Tracked
Source databases
DEB
CVE
UBU
Related vulnerabilities