Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/572282?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "type": "deb", "namespace": "debian", "name": "puppet", "version": "2.7.23-1~deb7u3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.5.10-4", "latest_non_vulnerable_version": "5.5.10-4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84374?format=api", "vulnerability_id": "VCID-18aq-72zg-3uc9", "summary": "puppet: Unsafe YAML deserialization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.8313", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83233", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83201", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83147", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83161", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83159", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83191", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83207", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:C/I:C/A:C" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452651", "reference_id": "1452651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212", "reference_id": "863212", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212" }, { "reference_url": "https://usn.ubuntu.com/3308-1/", "reference_id": "USN-3308-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3308-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4804-1/", "reference_id": "USN-USN-4804-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4804-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1048993?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052089?format=api", "purl": "pkg:deb/debian/puppet@4.8.2-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8xgm-pabz-hkeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5" } ], "aliases": [ "CVE-2017-2295" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18aq-72zg-3uc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8452?format=api", "vulnerability_id": "VCID-3kma-3ffw-8qd9", "summary": "Improper Input Validation\nPuppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91037", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91098", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91073", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91058", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91023", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91028", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91046", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91064", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567" }, { "reference_url": "http://secunia.com/advisories/54429", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/54429" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-3567", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppetlabs.com/security/cve/cve-2013-3567" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2715", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2715" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1886-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1886-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745", "reference_id": "712745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=974649", "reference_id": "974649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3567", "reference_id": "CVE-2013-3567", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3567" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-3567/", "reference_id": "CVE-2013-3567", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-3567/" }, { "reference_url": "https://github.com/advisories/GHSA-f7p5-w2cr-7cp7", "reference_id": "GHSA-f7p5-w2cr-7cp7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7p5-w2cr-7cp7" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1886-1/", "reference_id": "USN-1886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1886-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-3567", "GHSA-f7p5-w2cr-7cp7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kma-3ffw-8qd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8397?format=api", "vulnerability_id": "VCID-5g6u-uvej-xbad", "summary": "Moderate severity vulnerability that affects puppet\nUnspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2013-4761", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2013-4761" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70078", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.7004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69972", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69984", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69999", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2761", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2761" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=996856", "reference_id": "996856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996856" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2013-4761/", "reference_id": "CVE-2013-4761", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2013-4761/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4761", "reference_id": "CVE-2013-4761", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4761" }, { "reference_url": "https://github.com/advisories/GHSA-cj43-9h3w-v976", "reference_id": "GHSA-cj43-9h3w-v976", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cj43-9h3w-v976" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1928-1/", "reference_id": "USN-1928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1928-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-4761", "GHSA-cj43-9h3w-v976" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5g6u-uvej-xbad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44808?format=api", "vulnerability_id": "VCID-73uh-2gkm-6kgy", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29083", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29157", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29207", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29082", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29124", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.2913", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29085", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29034", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29062", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4956" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=996855", "reference_id": "996855", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996855" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1928-1/", "reference_id": "USN-1928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1928-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-4956" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73uh-2gkm-6kgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8394?format=api", "vulnerability_id": "VCID-7ypq-wmb7-quhc", "summary": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet\nUntrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22432", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37312", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37336", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37433", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37261", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37325", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37274", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37302", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37243", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248" }, { "reference_url": "http://secunia.com/advisories/59197", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59197" }, { "reference_url": "http://secunia.com/advisories/59200", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59200" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml" }, { "reference_url": "https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035" }, { "reference_url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet" }, { "reference_url": "https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248" }, { "reference_url": "http://www.securityfocus.com/bid/68035", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/68035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101346", "reference_id": "1101346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101346" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2014-3248", "reference_id": "CVE-2014-3248", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2014-3248" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3248", "reference_id": "CVE-2014-3248", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:C/I:C/A:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3248" }, { "reference_url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "reference_id": "CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET", "reference_type": "", "scores": [], "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/" }, { "reference_url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "reference_id": "CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/" }, { "reference_url": "https://github.com/advisories/GHSA-92v7-pq4h-58j5", "reference_id": "GHSA-92v7-pq4h-58j5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92v7-pq4h-58j5" }, { "reference_url": "https://security.gentoo.org/glsa/201412-15", "reference_id": "GLSA-201412-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-15" }, { "reference_url": "https://security.gentoo.org/glsa/201412-45", "reference_id": "GLSA-201412-45", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-45" }, { "reference_url": "https://usn.ubuntu.com/3308-1/", "reference_id": "USN-3308-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3308-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2014-3248", "GHSA-92v7-pq4h-58j5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ypq-wmb7-quhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14779?format=api", "vulnerability_id": "VCID-8xgm-pabz-hkeg", "summary": "Improper Privilege Management\nIn previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2927", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2927" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25827", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25786", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25828", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25819", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2577", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25732", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25728", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25699", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25887", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1" }, { "reference_url": "https://tickets.puppetlabs.com/browse/PUP-7866", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tickets.puppetlabs.com/browse/PUP-7866" }, { "reference_url": "https://usn.ubuntu.com/3567-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3567-1" }, { "reference_url": "https://usn.ubuntu.com/3567-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3567-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542850", "reference_id": "1542850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542850" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412", "reference_id": "890412", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10689", "reference_id": "CVE-2017-10689", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10689" }, { "reference_url": "https://puppet.com/security/cve/CVE-2017-10689", "reference_id": "CVE-2017-10689", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/CVE-2017-10689" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml", "reference_id": "CVE-2017-10689.YML", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml" }, { "reference_url": "https://github.com/advisories/GHSA-vw22-465p-8j5w", "reference_id": "GHSA-vw22-465p-8j5w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vw22-465p-8j5w" }, { "reference_url": "https://usn.ubuntu.com/USN-4804-1/", "reference_id": "USN-USN-4804-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4804-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052090?format=api", "purl": "pkg:deb/debian/puppet@5.5.10-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.10-4" } ], "aliases": [ "CVE-2017-10689", "GHSA-vw22-465p-8j5w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgm-pabz-hkeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92918?format=api", "vulnerability_id": "VCID-bt3p-h1js-53gg", "summary": "Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78242", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78185", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78224", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78232", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78238", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78264", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78247", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5713" }, { "reference_url": "https://puppet.com/security/cve/cve-2016-5713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/cve-2016-5713" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5713", "reference_id": "CVE-2016-5713", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052088?format=api", "purl": "pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5~bpo8%252B1" } ], "aliases": [ "CVE-2016-5713" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bt3p-h1js-53gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55668?format=api", "vulnerability_id": "VCID-fjbx-bqnn-2bf3", "summary": "insecure temporary files", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4969.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1133", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11408", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11536", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11591", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11464", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11523", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11533", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11499", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11469", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045212", "reference_id": "1045212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045212" }, { "reference_url": "https://usn.ubuntu.com/2077-1/", "reference_id": "USN-2077-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2077-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-4969" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjbx-bqnn-2bf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86260?format=api", "vulnerability_id": "VCID-kkve-dj7r-gue1", "summary": "puppet: certificates could be honored even when revoked", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3250.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3250.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49273", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49228", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.4917", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49229", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49181", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49232", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49222", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250" }, { "reference_url": "https://puppet.com/security/cve/CVE-2014-3250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2014-3250" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101347", "reference_id": "1101347", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101347" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3250", "reference_id": "CVE-2014-3250", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3250" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2014-3250" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkve-dj7r-gue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58156?format=api", "vulnerability_id": "VCID-wkb1-dm1m-67db", "summary": "Multiple vulnerabilities have been found in Puppet Agent, the worst\n of which could result in the execution of arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77145", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77044", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77049", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77078", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.7706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77092", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77102", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77129", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77109", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5714" }, { "reference_url": "https://bugs.gentoo.org/597684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.gentoo.org/597684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5714" }, { "reference_url": "https://puppet.com/security/cve/cve-2016-5714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/cve-2016-5714" }, { "reference_url": "https://puppet.com/security/cve/pxp-agent-oct-2016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/pxp-agent-oct-2016" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5714", "reference_id": "CVE-2016-5714", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5714" }, { "reference_url": "https://security.gentoo.org/glsa/201710-12", "reference_id": "GLSA-201710-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052088?format=api", "purl": "pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5~bpo8%252B1" } ], "aliases": [ "CVE-2016-5714" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wkb1-dm1m-67db" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15833?format=api", "vulnerability_id": "VCID-2jc8-n1j4-m7c6", "summary": "Puppet Privilege Escallation\nThe change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13279", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13389", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13551", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13348", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1343", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13479", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13453", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13372", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73445", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73445" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36" }, { "reference_url": "https://hermes.opensuse.org/messages/15087408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hermes.opensuse.org/messages/15087408" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html" }, { "reference_url": "https://ubuntu.com/usn/usn-1372-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ubuntu.com/usn/usn-1372-1" }, { "reference_url": "https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053" }, { "reference_url": "https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458" }, { "reference_url": "https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457" }, { "reference_url": "https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459" }, { "reference_url": "https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158" }, { "reference_url": "https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14" }, { "reference_url": "https://www.debian.org/security/2012/dsa-2419", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2012/dsa-2419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=791001", "reference_id": "791001", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=791001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1053", "reference_id": "CVE-2012-1053", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1053" }, { "reference_url": "https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/", "reference_id": "CVE-2012-1053", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/" }, { "reference_url": "https://github.com/advisories/GHSA-77hg-g8cc-5r37", "reference_id": "GHSA-77hg-g8cc-5r37", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77hg-g8cc-5r37" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/1372-1/", "reference_id": "USN-1372-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1372-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-1053", "GHSA-77hg-g8cc-5r37" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2jc8-n1j4-m7c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8452?format=api", "vulnerability_id": "VCID-3kma-3ffw-8qd9", "summary": "Improper Input Validation\nPuppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91037", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91098", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91073", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91058", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91023", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91028", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91046", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91064", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567" }, { "reference_url": "http://secunia.com/advisories/54429", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/54429" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-3567", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppetlabs.com/security/cve/cve-2013-3567" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2715", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2715" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1886-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1886-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745", "reference_id": "712745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=974649", "reference_id": "974649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3567", "reference_id": "CVE-2013-3567", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3567" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-3567/", "reference_id": "CVE-2013-3567", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-3567/" }, { "reference_url": "https://github.com/advisories/GHSA-f7p5-w2cr-7cp7", "reference_id": "GHSA-f7p5-w2cr-7cp7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7p5-w2cr-7cp7" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1886-1/", "reference_id": "USN-1886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1886-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-3567", "GHSA-f7p5-w2cr-7cp7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kma-3ffw-8qd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44797?format=api", "vulnerability_id": "VCID-3zzj-krc5-skea", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2275.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2275.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59373", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59231", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59304", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59328", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59292", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59343", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59356", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59341", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275" }, { "reference_url": "http://secunia.com/advisories/52596", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52596" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-2275/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-2275/" }, { "reference_url": "http://ubuntu.com/usn/usn-1759-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ubuntu.com/usn/usn-1759-1" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2643", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2013/dsa-2643" }, { "reference_url": "http://www.securityfocus.com/bid/58449", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/58449" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=919785", "reference_id": "919785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919785" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2275", "reference_id": "CVE-2013-2275", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2275" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0710", "reference_id": "RHSA-2013:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0710" }, { "reference_url": "https://usn.ubuntu.com/1759-1/", "reference_id": "USN-1759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1759-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2013-2275" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zzj-krc5-skea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8397?format=api", "vulnerability_id": "VCID-5g6u-uvej-xbad", "summary": "Moderate severity vulnerability that affects puppet\nUnspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2013-4761", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2013-4761" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70078", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.7004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69972", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69984", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69999", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2761", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2761" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=996856", "reference_id": "996856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996856" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2013-4761/", "reference_id": "CVE-2013-4761", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2013-4761/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4761", "reference_id": "CVE-2013-4761", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4761" }, { "reference_url": "https://github.com/advisories/GHSA-cj43-9h3w-v976", "reference_id": "GHSA-cj43-9h3w-v976", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cj43-9h3w-v976" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1928-1/", "reference_id": "USN-1928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1928-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-4761", "GHSA-cj43-9h3w-v976" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5g6u-uvej-xbad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47723?format=api", "vulnerability_id": "VCID-72s2-y7m6-kuf6", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which might allow local attackers to gain escalated privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1054.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1054.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21599", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21826", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21579", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21656", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21713", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21724", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21685", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21628", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21627", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=791002", "reference_id": "791002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=791002" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/1372-1/", "reference_id": "USN-1372-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1372-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-1054" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-72s2-y7m6-kuf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44808?format=api", "vulnerability_id": "VCID-73uh-2gkm-6kgy", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29083", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29157", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29207", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29082", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29124", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.2913", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29085", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29034", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29062", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4956" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=996855", "reference_id": "996855", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996855" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1928-1/", "reference_id": "USN-1928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1928-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-4956" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73uh-2gkm-6kgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8391?format=api", "vulnerability_id": "VCID-75gs-2gu3-6udx", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDirectory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3865", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3865" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78719", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78679", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78737", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78712", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78705", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.7874", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0215", "scoring_system": "epss", "scoring_elements": "0.84174", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0215", "scoring_system": "epss", "scoring_elements": "0.84205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0215", "scoring_system": "epss", "scoring_elements": "0.84187", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839131", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865" }, { "reference_url": "http://secunia.com/advisories/50014", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50014" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml" }, { "reference_url": "https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2511" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1506-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1506-1" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3865/", "reference_id": "CVE-2012-3865", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3865/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3865", "reference_id": "CVE-2012-3865", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3865" }, { "reference_url": "https://github.com/advisories/GHSA-g89m-3wjw-h857", "reference_id": "GHSA-g89m-3wjw-h857", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g89m-3wjw-h857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-3865", "GHSA-g89m-3wjw-h857" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75gs-2gu3-6udx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44778?format=api", "vulnerability_id": "VCID-7jtp-a1nw-bqfs", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1640.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1640.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01948", "scoring_system": "epss", "scoring_elements": "0.83489", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01948", "scoring_system": "epss", "scoring_elements": "0.83389", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01948", "scoring_system": "epss", "scoring_elements": "0.83402", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01948", "scoring_system": "epss", "scoring_elements": "0.83416", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01948", "scoring_system": "epss", "scoring_elements": "0.83415", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01948", "scoring_system": "epss", "scoring_elements": "0.8344", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01948", "scoring_system": "epss", "scoring_elements": "0.8345", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01948", "scoring_system": "epss", "scoring_elements": "0.83464", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01948", "scoring_system": "epss", "scoring_elements": "0.83458", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01948", "scoring_system": "epss", "scoring_elements": "0.83453", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640" }, { "reference_url": "http://secunia.com/advisories/52596", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52596" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-1640/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-1640/" }, { "reference_url": "http://ubuntu.com/usn/usn-1759-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ubuntu.com/usn/usn-1759-1" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2643", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2013/dsa-2643" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=919783", "reference_id": "919783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919783" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1640", "reference_id": "CVE-2013-1640", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1640" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0710", "reference_id": "RHSA-2013:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0710" }, { "reference_url": "https://usn.ubuntu.com/1759-1/", "reference_id": "USN-1759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1759-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2013-1640" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jtp-a1nw-bqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15788?format=api", "vulnerability_id": "VCID-a7cn-eqbq-qyb1", "summary": "Puppet uses predictable filenames, allowing arbitrary file overwrite\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.", "references": [ { "reference_url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3871", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13035", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12983", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12904", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13102", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12958", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12814", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12913", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12996", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1305", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2314", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2314" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1223-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1223-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1223-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1223-2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=742649", "reference_id": "742649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3871", "reference_id": "CVE-2011-3871", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3871" }, { "reference_url": "https://puppet.com/security/cve/cve-2011-3871", "reference_id": "CVE-2011-3871", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2011-3871" }, { "reference_url": "https://github.com/advisories/GHSA-mpmx-gm5v-q789", "reference_id": "GHSA-mpmx-gm5v-q789", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mpmx-gm5v-q789" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/1223-1/", "reference_id": "USN-1223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1223-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2011-3871", "GHSA-mpmx-gm5v-q789" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cn-eqbq-qyb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8424?format=api", "vulnerability_id": "VCID-b94j-dcjk-eqeu", "summary": "Improper Authentication\nlib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.", "references": [ { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3408", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3408" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3408.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49158", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49111", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49065", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49119", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49116", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49133", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49107", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49113", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49049", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49083", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3408" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3408" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2012-3408-agent-impersonation", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2012-3408-agent-impersonation" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3408/", "reference_id": "CVE-2012-3408", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3408/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3408", "reference_id": "CVE-2012-3408", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3408" }, { "reference_url": "https://github.com/advisories/GHSA-vxf6-w9mp-95hm", "reference_id": "GHSA-vxf6-w9mp-95hm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxf6-w9mp-95hm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-3408", "GHSA-vxf6-w9mp-95hm" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b94j-dcjk-eqeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47721?format=api", "vulnerability_id": "VCID-fdk4-8wtn-nqct", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which might allow local attackers to gain escalated privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3848.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3848.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62653", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62711", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62742", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62758", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62793", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62783", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6276", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62801", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3848" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3848" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=742174", "reference_id": "742174", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742174" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/1217-1/", "reference_id": "USN-1217-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1217-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2011-3848" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdk4-8wtn-nqct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55668?format=api", "vulnerability_id": "VCID-fjbx-bqnn-2bf3", "summary": "insecure temporary files", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4969.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1133", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11408", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11536", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11591", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11464", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11523", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11533", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11499", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11469", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045212", "reference_id": "1045212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045212" }, { "reference_url": "https://usn.ubuntu.com/2077-1/", "reference_id": "USN-2077-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2077-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-4969" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjbx-bqnn-2bf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15790?format=api", "vulnerability_id": "VCID-h88b-abes-3bgr", "summary": "Puppet Denial of Service and Arbitrary File Write\nUnspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73443", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73351", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.7336", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73355", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73392", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73406", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73429", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73409", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73401", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1987" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml" }, { "reference_url": "https://hermes.opensuse.org/messages/14523305", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/14523305" }, { "reference_url": "https://hermes.opensuse.org/messages/15087408", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/15087408" }, { "reference_url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553" }, { "reference_url": "https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552" }, { "reference_url": "https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" }, { "reference_url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987" }, { "reference_url": "http://ubuntu.com/usn/usn-1419-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1419-1" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2451", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=810070", "reference_id": "810070", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810070" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1987", "reference_id": "CVE-2012-1987", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1987" }, { "reference_url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/", "reference_id": "CVE-2012-1987", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/" }, { "reference_url": "https://github.com/advisories/GHSA-v58w-6xc2-w799", "reference_id": "GHSA-v58w-6xc2-w799", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v58w-6xc2-w799" }, { "reference_url": "https://security.gentoo.org/glsa/201208-02", "reference_id": "GLSA-201208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1419-1/", "reference_id": "USN-1419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1419-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-1987", "GHSA-v58w-6xc2-w799" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15709?format=api", "vulnerability_id": "VCID-jhkk-5euf-uked", "summary": "Improper Link Resolution Before File Access ('Link Following')\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.", "references": [ { "reference_url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3869", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12885", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12834", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12754", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12951", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12803", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12901", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12813", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2314", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2314" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1223-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1223-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1223-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1223-2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=742645", "reference_id": "742645", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742645" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3869", "reference_id": "CVE-2011-3869", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3869" }, { "reference_url": "https://puppet.com/security/cve/cve-2011-3869", "reference_id": "CVE-2011-3869", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2011-3869" }, { "reference_url": "https://github.com/advisories/GHSA-8c56-v25w-f89c", "reference_id": "GHSA-8c56-v25w-f89c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8c56-v25w-f89c" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/1223-1/", "reference_id": "USN-1223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1223-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2011-3869", "GHSA-8c56-v25w-f89c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15407?format=api", "vulnerability_id": "VCID-kt2h-k72f-tqc7", "summary": "Improper Neutralization of Special Elements used in a Command ('Command Injection')\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html" }, { "reference_url": "http://projects.puppetlabs.com/issues/13518", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/issues/13518" }, { "reference_url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1988", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-1988" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65688", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65568", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65616", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65646", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65664", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65676", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65696", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65682", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65653", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74796", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74796" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml" }, { "reference_url": "https://hermes.opensuse.org/messages/14523305", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/14523305" }, { "reference_url": "https://hermes.opensuse.org/messages/15087408", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/15087408" }, { "reference_url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518" }, { "reference_url": "https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" }, { "reference_url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988" }, { "reference_url": "https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789" }, { "reference_url": "https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748" }, { "reference_url": "https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136" }, { "reference_url": "https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743" }, { "reference_url": "https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975" }, { "reference_url": "http://ubuntu.com/usn/usn-1419-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1419-1" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2451", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=810071", "reference_id": "810071", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810071" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1988/", "reference_id": "CVE-2012-1988", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-1988/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1988", "reference_id": "CVE-2012-1988", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1988" }, { "reference_url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/", "reference_id": "CVE-2012-1988", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/" }, { "reference_url": "https://github.com/advisories/GHSA-6xxq-j39w-g3f6", "reference_id": "GHSA-6xxq-j39w-g3f6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xxq-j39w-g3f6" }, { "reference_url": "https://security.gentoo.org/glsa/201208-02", "reference_id": "GLSA-201208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1419-1/", "reference_id": "USN-1419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1419-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-1988", "GHSA-6xxq-j39w-g3f6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44785?format=api", "vulnerability_id": "VCID-nf2h-5vd2-6kb1", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01966", "scoring_system": "epss", "scoring_elements": "0.83556", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01966", "scoring_system": "epss", "scoring_elements": "0.83457", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01966", "scoring_system": "epss", "scoring_elements": "0.83469", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01966", "scoring_system": "epss", "scoring_elements": "0.83484", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01966", "scoring_system": "epss", "scoring_elements": "0.83482", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01966", "scoring_system": "epss", "scoring_elements": "0.83507", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01966", "scoring_system": "epss", "scoring_elements": "0.83516", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01966", "scoring_system": "epss", "scoring_elements": "0.83531", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01966", "scoring_system": "epss", "scoring_elements": "0.83525", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01966", "scoring_system": "epss", "scoring_elements": "0.83521", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653" }, { "reference_url": "http://secunia.com/advisories/52596", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52596" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-1653/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-1653/" }, { "reference_url": "http://ubuntu.com/usn/usn-1759-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ubuntu.com/usn/usn-1759-1" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2643", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2013/dsa-2643" }, { "reference_url": "http://www.securityfocus.com/bid/58446", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/58446" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.0:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:1.0:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.0:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.1:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:1.1:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.1:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.0:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:1.2.0:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.0:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.1:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:1.2.1:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.1:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.2:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:1.2.2:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.2:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.3:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:1.2.3:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.3:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.4:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:1.2.4:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.4:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.5:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:1.2.5:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.5:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.6:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:1.2.6:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.6:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1653", "reference_id": "CVE-2013-1653", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1653" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://usn.ubuntu.com/1759-1/", "reference_id": "USN-1759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1759-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2013-1653" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nf2h-5vd2-6kb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8438?format=api", "vulnerability_id": "VCID-pdpa-qfpq-zkcq", "summary": "Improper Input Validation\nPuppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\"", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70419", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70315", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70328", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70344", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70367", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70382", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70391", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70376", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1655" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655" }, { "reference_url": "http://secunia.com/advisories/52596", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52596" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-1655", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppetlabs.com/security/cve/cve-2013-1655" }, { "reference_url": "https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability" }, { "reference_url": "http://ubuntu.com/usn/usn-1759-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1759-1" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2643", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2643" }, { "reference_url": "http://www.securityfocus.com/bid/58442", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/58442" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1655", "reference_id": "CVE-2013-1655", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1655" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-1655/", "reference_id": "CVE-2013-1655", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-1655/" }, { "reference_url": "https://github.com/advisories/GHSA-574q-fxfj-wv6h", "reference_id": "GHSA-574q-fxfj-wv6h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-574q-fxfj-wv6h" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://usn.ubuntu.com/1759-1/", "reference_id": "USN-1759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1759-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2013-1655", "GHSA-574q-fxfj-wv6h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pdpa-qfpq-zkcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8447?format=api", "vulnerability_id": "VCID-pgg8-9sk2-57ee", "summary": "Low severity vulnerability that affects puppet\ntelnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html" }, { "reference_url": "http://projects.puppetlabs.com/issues/13606", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/issues/13606" }, { "reference_url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1989", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-1989" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18487", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18181", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18236", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18287", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18433", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18196", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1828", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18282", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989" }, { "reference_url": "http://secunia.com/advisories/48743", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/48743" }, { "reference_url": "http://secunia.com/advisories/48748", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/48748" }, { "reference_url": "http://secunia.com/advisories/49136", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/49136" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74797", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74797" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml" }, { "reference_url": "https://hermes.opensuse.org/messages/15087408", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/15087408" }, { "reference_url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access" }, { "reference_url": "http://ubuntu.com/usn/usn-1419-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1419-1" }, { "reference_url": "http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=837339", "reference_id": "837339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=837339" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1989/", "reference_id": "CVE-2012-1989", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-1989/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1989", "reference_id": "CVE-2012-1989", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1989" }, { "reference_url": "https://github.com/advisories/GHSA-c5qq-g673-5p49", "reference_id": "GHSA-c5qq-g673-5p49", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c5qq-g673-5p49" }, { "reference_url": "https://security.gentoo.org/glsa/201208-02", "reference_id": "GLSA-201208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-02" }, { "reference_url": "https://usn.ubuntu.com/1419-1/", "reference_id": "USN-1419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1419-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-1989", "GHSA-c5qq-g673-5p49" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgg8-9sk2-57ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44794?format=api", "vulnerability_id": "VCID-rfcx-7kc9-mbcr", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2274.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2274.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01851", "scoring_system": "epss", "scoring_elements": "0.83035", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01851", "scoring_system": "epss", "scoring_elements": "0.82933", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01851", "scoring_system": "epss", "scoring_elements": "0.82949", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01851", "scoring_system": "epss", "scoring_elements": "0.82961", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01851", "scoring_system": "epss", "scoring_elements": "0.82959", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01851", "scoring_system": "epss", "scoring_elements": "0.82983", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01851", "scoring_system": "epss", "scoring_elements": "0.82991", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01851", "scoring_system": "epss", "scoring_elements": "0.83007", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01851", "scoring_system": "epss", "scoring_elements": "0.83", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01851", "scoring_system": "epss", "scoring_elements": "0.82996", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274" }, { "reference_url": "http://secunia.com/advisories/52596", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52596" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-2274/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-2274/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2643", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2013/dsa-2643" }, { "reference_url": "http://www.securityfocus.com/bid/58447", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/58447" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=919773", "reference_id": "919773", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919773" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2274", "reference_id": "CVE-2013-2274", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2274" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0710", "reference_id": "RHSA-2013:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0710" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2013-2274" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfcx-7kc9-mbcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87047?format=api", "vulnerability_id": "VCID-rrky-upea-nfd4", "summary": "puppet: authenticated clients allowed to read arbitrary files from the puppet master", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54466", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54542", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54565", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54534", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54586", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5458", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54592", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54574", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54553", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5459", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130", "reference_id": "839130", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-3864" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrky-upea-nfd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44782?format=api", "vulnerability_id": "VCID-sweb-hbec-k3ha", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1652.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60452", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60288", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60364", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60359", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60407", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60424", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60444", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60411", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652" }, { "reference_url": "http://secunia.com/advisories/52596", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52596" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-1652/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-1652/" }, { "reference_url": "http://ubuntu.com/usn/usn-1759-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ubuntu.com/usn/usn-1759-1" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2643", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2013/dsa-2643" }, { "reference_url": "http://www.securityfocus.com/bid/58443", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/58443" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=919784", "reference_id": "919784", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919784" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1652", "reference_id": "CVE-2013-1652", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1652" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0710", "reference_id": "RHSA-2013:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0710" }, { "reference_url": "https://usn.ubuntu.com/1759-1/", "reference_id": "USN-1759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1759-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2013-1652" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sweb-hbec-k3ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15405?format=api", "vulnerability_id": "VCID-tetf-xa1u-uffv", "summary": "Puppet uses predictable filenames, allowing arbitrary file overwrite\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.", "references": [ { "reference_url": "http://projects.puppetlabs.com/issues/13260", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/issues/13260" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1906", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-1906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1972", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19931", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19986", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19712", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19792", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19844", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19847", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19745", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19785", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1906" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74793", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74793" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml" }, { "reference_url": "https://ubuntu.com/usn/usn-1419-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ubuntu.com/usn/usn-1419-1" }, { "reference_url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://www.debian.org/security/2012/dsa-2451", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2012/dsa-2451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236311", "reference_id": "2236311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236311" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1906/", "reference_id": "CVE-2012-1906", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-1906/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1906", "reference_id": "CVE-2012-1906", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1906" }, { "reference_url": "https://github.com/advisories/GHSA-c4mc-49hq-q275", "reference_id": "GHSA-c4mc-49hq-q275", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4mc-49hq-q275" }, { "reference_url": "https://security.gentoo.org/glsa/201208-02", "reference_id": "GLSA-201208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-02" }, { "reference_url": "https://usn.ubuntu.com/1419-1/", "reference_id": "USN-1419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1419-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-1906", "GHSA-c4mc-49hq-q275" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tetf-xa1u-uffv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15493?format=api", "vulnerability_id": "VCID-txx3-3fzg-33cp", "summary": "Improper Link Resolution Before File Access ('Link Following')\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.", "references": [ { "reference_url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09496", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09483", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09435", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09361", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09451", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09397", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09401", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09344", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09452", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09469", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3870" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2314", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2314" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1223-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1223-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1223-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1223-2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=742644", "reference_id": "742644", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742644" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3870", "reference_id": "CVE-2011-3870", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3870" }, { "reference_url": "https://puppet.com/security/cve/cve-2011-3870", "reference_id": "CVE-2011-3870", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2011-3870" }, { "reference_url": "https://github.com/advisories/GHSA-qh3g-27jf-3j54", "reference_id": "GHSA-qh3g-27jf-3j54", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qh3g-27jf-3j54" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/1223-1/", "reference_id": "USN-1223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1223-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2011-3870", "GHSA-qh3g-27jf-3j54" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txx3-3fzg-33cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44774?format=api", "vulnerability_id": "VCID-v9kt-4vxm-ekdw", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6120.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12823", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12968", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13059", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13111", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12914", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12994", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13045", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13007", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12923", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6120" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=908629", "reference_id": "908629", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908629" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_essex:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack_essex:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_essex:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_folsom:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack_folsom:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_folsom:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6120", "reference_id": "CVE-2012-6120", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6120" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0710", "reference_id": "RHSA-2013:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0710" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-6120" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9kt-4vxm-ekdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8419?format=api", "vulnerability_id": "VCID-vgbw-4yuu-57fz", "summary": "Low severity vulnerability that affects puppet\nlib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3866", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3866" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15593", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15657", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15725", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15666", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15776", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1552", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15712", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1558", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15674", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3866" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839135", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866" }, { "reference_url": "http://secunia.com/advisories/50014", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50014" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2511" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1506-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1506-1" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3866/", "reference_id": "CVE-2012-3866", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3866/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3866", "reference_id": "CVE-2012-3866", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3866" }, { "reference_url": "https://github.com/advisories/GHSA-8jxj-9r5f-w3m2", "reference_id": "GHSA-8jxj-9r5f-w3m2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jxj-9r5f-w3m2" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-3866", "GHSA-8jxj-9r5f-w3m2" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgbw-4yuu-57fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47722?format=api", "vulnerability_id": "VCID-vrzs-81t1-jyax", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which might allow local attackers to gain escalated privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3872.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3872.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02778", "scoring_system": "epss", "scoring_elements": "0.85995", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02778", "scoring_system": "epss", "scoring_elements": "0.86006", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02778", "scoring_system": "epss", "scoring_elements": "0.86023", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02778", "scoring_system": "epss", "scoring_elements": "0.86022", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02778", "scoring_system": "epss", "scoring_elements": "0.86042", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02778", "scoring_system": "epss", "scoring_elements": "0.86051", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02778", "scoring_system": "epss", "scoring_elements": "0.86065", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02778", "scoring_system": "epss", "scoring_elements": "0.86063", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02778", "scoring_system": "epss", "scoring_elements": "0.86058", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02778", "scoring_system": "epss", "scoring_elements": "0.86076", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3872" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3872" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=748447", "reference_id": "748447", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=748447" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/1238-1/", "reference_id": "USN-1238-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1238-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2011-3872" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vrzs-81t1-jyax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8401?format=api", "vulnerability_id": "VCID-wage-71h9-6qay", "summary": "Moderate severity vulnerability that affects puppet\nlib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3867", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3867" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80578", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80592", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80575", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80522", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80599", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80571", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80516", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80544", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80565", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80536", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3867" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839158", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867" }, { "reference_url": "http://secunia.com/advisories/50014", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50014" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2511" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1506-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1506-1" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3867/", "reference_id": "CVE-2012-3867", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3867/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3867", "reference_id": "CVE-2012-3867", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3867" }, { "reference_url": "https://github.com/advisories/GHSA-q44r-f2hm-v76v", "reference_id": "GHSA-q44r-f2hm-v76v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q44r-f2hm-v76v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-3867", "GHSA-q44r-f2hm-v76v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-71h9-6qay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44788?format=api", "vulnerability_id": "VCID-wdwr-8m6q-kff5", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1654.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64019", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63902", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63961", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63948", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63998", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64016", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64028", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64014", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63984", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654" }, { "reference_url": "http://secunia.com/advisories/52596", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52596" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-1654/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-1654/" }, { "reference_url": "http://ubuntu.com/usn/usn-1759-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ubuntu.com/usn/usn-1759-1" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2643", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2013/dsa-2643" }, { "reference_url": "http://www.securityfocus.com/bid/64758", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/64758" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=919770", "reference_id": "919770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919770" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1654", "reference_id": "CVE-2013-1654", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1654" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0710", "reference_id": "RHSA-2013:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0710" }, { "reference_url": "https://usn.ubuntu.com/1759-1/", "reference_id": "USN-1759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1759-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2013-1654" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdwr-8m6q-kff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36740?format=api", "vulnerability_id": "VCID-yycs-ny3v-pyeh", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.58974", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59049", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59071", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59036", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59093", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59111", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59075", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.5911", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1986" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=810069", "reference_id": "810069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810069" }, { "reference_url": "https://security.gentoo.org/glsa/201208-02", "reference_id": "GLSA-201208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1419-1/", "reference_id": "USN-1419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1419-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" } ], "aliases": [ "CVE-2012-1986" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yycs-ny3v-pyeh" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" }