CVE-2012-1988
Description
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allow remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.492
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-1987,CVE-2012-1988 are fixed in Ruby-puppet 2.6.15 | Windows |
| Vulnerabilities CVE-2012-1987,CVE-2012-1988 are fixed in Ruby-puppet 2.7.13 | Windows |
| Vulnerabilities CVE-2012-1987,CVE-2012-1988 are fixed in Ruby-puppet for Linux 2.6.15 | Linux |
| Vulnerabilities CVE-2012-1987,CVE-2012-1988 are fixed in Ruby-puppet for Linux 2.7.13 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234