Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/135751?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/135751?format=api", "purl": "pkg:gem/puppet@6.9.0", "type": "gem", "namespace": "", "name": "puppet", "version": "6.9.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15783?format=api", "vulnerability_id": "VCID-5qhd-8wfe-27dy", "summary": "Puppet does not properly restrict access to node resources\nPuppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50062", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49966", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50003", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50031", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49982", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50037", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50029", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00265", 
"scoring_system": "epss", "scoring_elements": "0.50047", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.5002", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50016", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml" }, { "reference_url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html" }, { "reference_url": "http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/01/27/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/01/27/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/01/31/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/5" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1365-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1365-1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0528", "reference_id": "CVE-2011-0528", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0528" }, { "reference_url": "https://github.com/advisories/GHSA-9pvx-fwwh-w289", "reference_id": "GHSA-9pvx-fwwh-w289", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9pvx-fwwh-w289" }, { "reference_url": "https://usn.ubuntu.com/1365-1/", "reference_id": "USN-1365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1365-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0528", "GHSA-9pvx-fwwh-w289" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qhd-8wfe-27dy" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/35154?format=api", "vulnerability_id": "VCID-63rx-372a-ukby", "summary": "Improper Certificate Validation in Puppet\nPreviously, Puppet operated on the model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7942.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7942.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30792", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3081", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30854", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30852", "published_at": "2026-04-09T12:55:00Z" }, { 
"value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30821", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30769", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30895", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30943", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30763", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7942" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2020-7942.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2020-7942.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7942", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7942" }, { "reference_url": "https://puppet.com/security/cve/CVE-2020-7942", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/CVE-2020-7942" }, { "reference_url": "https://puppet.com/security/cve/CVE-2020-7942/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/CVE-2020-7942/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816720", "reference_id": "1816720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816720" }, { "reference_url": "https://github.com/advisories/GHSA-gqvf-892r-vjm5", "reference_id": "GHSA-gqvf-892r-vjm5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gqvf-892r-vjm5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74068?format=api", "purl": "pkg:gem/puppet@6.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qhd-8wfe-27dy" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-h88b-abes-3bgr" }, { "vulnerability": "VCID-jhkk-5euf-uked" }, { "vulnerability": "VCID-kt2h-k72f-tqc7" }, { "vulnerability": "VCID-qdsk-m9ye-z3a4" }, { "vulnerability": "VCID-s94z-5sd6-33dk" }, { "vulnerability": "VCID-ww8x-tzxr-4qbn" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.13.0" } ], "aliases": [ "CVE-2020-7942", "GHSA-gqvf-892r-vjm5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63rx-372a-ukby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14779?format=api", "vulnerability_id": "VCID-8xgm-pabz-hkeg", "summary": "Improper Privilege Management\nIn previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2927", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2927" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25827", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25786", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25828", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25819", "published_at": 
"2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2577", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25732", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25728", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25699", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25887", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1" }, { "reference_url": "https://tickets.puppetlabs.com/browse/PUP-7866", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tickets.puppetlabs.com/browse/PUP-7866" }, { "reference_url": "https://usn.ubuntu.com/3567-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3567-1" }, { "reference_url": "https://usn.ubuntu.com/3567-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3567-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542850", "reference_id": "1542850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542850" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412", "reference_id": "890412", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10689", "reference_id": "CVE-2017-10689", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10689" }, { "reference_url": "https://puppet.com/security/cve/CVE-2017-10689", "reference_id": "CVE-2017-10689", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/CVE-2017-10689" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml", "reference_id": "CVE-2017-10689.YML", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml" }, { "reference_url": "https://github.com/advisories/GHSA-vw22-465p-8j5w", "reference_id": "GHSA-vw22-465p-8j5w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vw22-465p-8j5w" }, { "reference_url": "https://usn.ubuntu.com/USN-4804-1/", "reference_id": "USN-USN-4804-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4804-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2017-10689", "GHSA-vw22-465p-8j5w" ], "risk_score": 3.1, 
"exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgm-pabz-hkeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15790?format=api", "vulnerability_id": "VCID-h88b-abes-3bgr", "summary": "Puppet Denial of Service and Arbitrary File Write\nUnspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html" }, { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73443", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73351", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.7336", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73355", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73392", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73406", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73429", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73409", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73401", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1987" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml" }, { "reference_url": "https://hermes.opensuse.org/messages/14523305", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/14523305" }, { "reference_url": "https://hermes.opensuse.org/messages/15087408", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/15087408" }, { "reference_url": 
"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553" }, { "reference_url": "https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552" }, { "reference_url": "https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" }, { "reference_url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987" }, { "reference_url": "http://ubuntu.com/usn/usn-1419-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1419-1" }, { 
"reference_url": "http://www.debian.org/security/2012/dsa-2451", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=810070", "reference_id": "810070", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810070" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1987", "reference_id": "CVE-2012-1987", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1987" }, { "reference_url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/", "reference_id": "CVE-2012-1987", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/" }, { "reference_url": "https://github.com/advisories/GHSA-v58w-6xc2-w799", "reference_id": "GHSA-v58w-6xc2-w799", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v58w-6xc2-w799" }, { "reference_url": "https://security.gentoo.org/glsa/201208-02", "reference_id": "GLSA-201208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1419-1/", "reference_id": "USN-1419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1419-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2012-1987", 
"GHSA-v58w-6xc2-w799" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15709?format=api", "vulnerability_id": "VCID-jhkk-5euf-uked", "summary": "Improper Link Resolution Before File Access ('Link Following')\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.", "references": [ { "reference_url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html" }, { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3869", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12885", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12834", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12754", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12951", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12803", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12901", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12813", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2314", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2314" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1223-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1223-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1223-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1223-2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=742645", "reference_id": 
"742645", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742645" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3869", "reference_id": "CVE-2011-3869", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3869" }, { "reference_url": "https://puppet.com/security/cve/cve-2011-3869", "reference_id": "CVE-2011-3869", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2011-3869" }, { "reference_url": "https://github.com/advisories/GHSA-8c56-v25w-f89c", "reference_id": "GHSA-8c56-v25w-f89c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8c56-v25w-f89c" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/1223-1/", "reference_id": "USN-1223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1223-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2011-3869", "GHSA-8c56-v25w-f89c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15407?format=api", "vulnerability_id": "VCID-kt2h-k72f-tqc7", "summary": "Improper Neutralization of Special Elements used in a Command ('Command Injection')\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on 
the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html" }, { "reference_url": "http://projects.puppetlabs.com/issues/13518", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/issues/13518" }, { "reference_url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1988", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://puppetlabs.com/security/cve/cve-2012-1988" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65688", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65568", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65616", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65646", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65664", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65676", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65696", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65682", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65653", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74796", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74796" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml" }, { "reference_url": "https://hermes.opensuse.org/messages/14523305", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/14523305" }, { "reference_url": "https://hermes.opensuse.org/messages/15087408", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://hermes.opensuse.org/messages/15087408" }, { "reference_url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518" }, { "reference_url": "https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" }, { "reference_url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988" }, { "reference_url": "https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789" }, { "reference_url": "https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748" }, { "reference_url": "https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136" }, { "reference_url": "https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743" }, { "reference_url": "https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975" }, { "reference_url": "http://ubuntu.com/usn/usn-1419-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1419-1" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2451", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=810071", "reference_id": "810071", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810071" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1988/", "reference_id": "CVE-2012-1988", 
"reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-1988/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1988", "reference_id": "CVE-2012-1988", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1988" }, { "reference_url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/", "reference_id": "CVE-2012-1988", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/" }, { "reference_url": "https://github.com/advisories/GHSA-6xxq-j39w-g3f6", "reference_id": "GHSA-6xxq-j39w-g3f6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xxq-j39w-g3f6" }, { "reference_url": "https://security.gentoo.org/glsa/201208-02", "reference_id": "GLSA-201208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1419-1/", "reference_id": "USN-1419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1419-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2012-1988", "GHSA-6xxq-j39w-g3f6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11674?format=api", "vulnerability_id": "VCID-qdsk-m9ye-z3a4", "summary": "Unsafe HTTP Redirect in Puppet Agent and Puppet Server\nA flaw was discovered in Puppet Agent and Puppet 
Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60603", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60563", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60584", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60598", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60577", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60561", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60543", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60516", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60441", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27023" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023859", "reference_id": "2023859", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023859" }, { "reference_url": "https://security.archlinux.org/AVG-2541", "reference_id": "AVG-2541", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2541" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27023", "reference_id": "CVE-2021-27023", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27023" }, { "reference_url": "https://puppet.com/security/cve/CVE-2021-27023", "reference_id": "CVE-2021-27023", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/CVE-2021-27023" }, { "reference_url": "https://github.com/advisories/GHSA-93j5-g845-9wqp", "reference_id": "GHSA-93j5-g845-9wqp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93j5-g845-9wqp" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2022:1478", "reference_id": "RHSA-2022:1478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1708", "reference_id": "RHSA-2022:1708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4866", "reference_id": "RHSA-2022:4866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4867", "reference_id": "RHSA-2022:4867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41965?format=api", "purl": "pkg:gem/puppet@6.25.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qhd-8wfe-27dy" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-h88b-abes-3bgr" }, { "vulnerability": "VCID-jhkk-5euf-uked" }, { "vulnerability": "VCID-kt2h-k72f-tqc7" }, { "vulnerability": "VCID-qdsk-m9ye-z3a4" }, { "vulnerability": "VCID-s94z-5sd6-33dk" }, { "vulnerability": "VCID-ww8x-tzxr-4qbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.25.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74399?format=api", "purl": "pkg:gem/puppet@7.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qhd-8wfe-27dy" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-h88b-abes-3bgr" }, { "vulnerability": "VCID-jhkk-5euf-uked" }, { "vulnerability": "VCID-kt2h-k72f-tqc7" }, { "vulnerability": "VCID-qdsk-m9ye-z3a4" }, { "vulnerability": "VCID-s94z-5sd6-33dk" }, { "vulnerability": "VCID-ww8x-tzxr-4qbn" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@7.12.1" } ], "aliases": [ "CVE-2021-27023", "GHSA-93j5-g845-9wqp" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdsk-m9ye-z3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11672?format=api", "vulnerability_id": "VCID-s94z-5sd6-33dk", "summary": "Silent Configuration Failure in Puppet Agent\nA flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27025.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27025.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67253", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67288", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67301", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67282", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67268", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.6724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67216", "published_at": "2026-04-07T12:55:00Z" }, { 
"value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67179", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014772", "reference_id": "1014772", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023853", "reference_id": "2023853", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023853" }, { "reference_url": "https://security.archlinux.org/AVG-2541", "reference_id": "AVG-2541", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2541" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27025", "reference_id": "CVE-2021-27025", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27025" }, { "reference_url": "https://puppet.com/security/cve/cve-2021-27025", "reference_id": "CVE-2021-27025", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://puppet.com/security/cve/cve-2021-27025" }, { "reference_url": "https://github.com/advisories/GHSA-q4g7-jrxv-67r9", "reference_id": "GHSA-q4g7-jrxv-67r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q4g7-jrxv-67r9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1708", "reference_id": "RHSA-2022:1708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4866", "reference_id": "RHSA-2022:4866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4867", "reference_id": "RHSA-2022:4867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8846", "reference_id": "RHSA-2022:8846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8862", "reference_id": "RHSA-2022:8862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8862" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41965?format=api", "purl": "pkg:gem/puppet@6.25.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qhd-8wfe-27dy" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-h88b-abes-3bgr" }, { "vulnerability": "VCID-jhkk-5euf-uked" }, { "vulnerability": "VCID-kt2h-k72f-tqc7" }, { "vulnerability": "VCID-qdsk-m9ye-z3a4" }, { "vulnerability": "VCID-s94z-5sd6-33dk" }, { "vulnerability": "VCID-ww8x-tzxr-4qbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.25.1" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/74399?format=api", "purl": "pkg:gem/puppet@7.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qhd-8wfe-27dy" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-h88b-abes-3bgr" }, { "vulnerability": "VCID-jhkk-5euf-uked" }, { "vulnerability": "VCID-kt2h-k72f-tqc7" }, { "vulnerability": "VCID-qdsk-m9ye-z3a4" }, { "vulnerability": "VCID-s94z-5sd6-33dk" }, { "vulnerability": "VCID-ww8x-tzxr-4qbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@7.12.1" } ], "aliases": [ "CVE-2021-27025", "GHSA-q4g7-jrxv-67r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s94z-5sd6-33dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14212?format=api", "vulnerability_id": "VCID-ww8x-tzxr-4qbn", "summary": "Improper Link Resolution Before File Access ('Link Following')\nPuppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.", "references": [ { "reference_url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087" }, { "reference_url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2" }, { "reference_url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12653", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12785", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12883", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12933", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12736", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12816", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12867", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", 
"scoring_elements": "0.12833", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12795", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1275", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0156" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=502881", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=502881" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml" }, { "reference_url": "https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0156", "reference_id": "CVE-2010-0156", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0156" }, { "reference_url": "https://puppet.com/security/cve/cve-2010-0156", "reference_id": "CVE-2010-0156", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2010-0156" }, { "reference_url": "https://github.com/advisories/GHSA-vrh7-99jh-3fmm", "reference_id": "GHSA-vrh7-99jh-3fmm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vrh7-99jh-3fmm" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/917-1/", "reference_id": "USN-917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/917-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2010-0156", "GHSA-vrh7-99jh-3fmm" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ww8x-tzxr-4qbn" } ], "fixing_vulnerabilities": [], "risk_score": "4.4", "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.9.0" }