Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/puppet@2.7.11-1?distro=bullseye

Type deb

Namespace debian

Name puppet

Version 2.7.11-1

Qualifiers

distro	bullseye

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.7.13-1

Latest_non_vulnerable_version 5.5.22-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2jc8-n1j4-m7c6

vulnerability_id VCID-2jc8-n1j4-m7c6

summary

Puppet Privilege Escallation
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1053

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13357
published_at	2026-04-21T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13389
published_at	2026-04-01T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13489
published_at	2026-04-02T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13551
published_at	2026-04-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13348
published_at	2026-04-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.1343
published_at	2026-04-08T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13479
published_at	2026-04-09T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13453
published_at	2026-04-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13418
published_at	2026-04-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13372
published_at	2026-04-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13279
published_at	2026-04-16T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13277
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1053

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/73445

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/73445

reference_url

https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36

reference_url	https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
url	https://hermes.opensuse.org/messages/15087408

reference_url	https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
reference_id
reference_type
scores
url	https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html

reference_url

https://ubuntu.com/usn/usn-1372-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ubuntu.com/usn/usn-1372-1

reference_url

https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053

reference_url

https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458

reference_url

https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457

reference_url

https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459

reference_url

https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158

reference_url

https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14

reference_url

https://www.debian.org/security/2012/dsa-2419

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2012/dsa-2419

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=791001
reference_id	791001
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=791001

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1053

reference_id

CVE-2012-1053

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1053

reference_url	https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/
reference_id	CVE-2012-1053
reference_type
scores
url	https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/

reference_url

https://github.com/advisories/GHSA-77hg-g8cc-5r37

reference_id

GHSA-77hg-g8cc-5r37

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-77hg-g8cc-5r37

reference_url	https://security.gentoo.org/glsa/201203-03
reference_id	GLSA-201203-03
reference_type
scores
url	https://security.gentoo.org/glsa/201203-03

reference_url	https://usn.ubuntu.com/1372-1/
reference_id	USN-1372-1
reference_type
scores
url	https://usn.ubuntu.com/1372-1/

fixed_packages

url	pkg:deb/debian/puppet@2.7.11-1?distro=bullseye
purl	pkg:deb/debian/puppet@2.7.11-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.11-1%3Fdistro=bullseye

url	pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl	pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye

aliases CVE-2012-1053, GHSA-77hg-g8cc-5r37

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2jc8-n1j4-m7c6

url VCID-72s2-y7m6-kuf6

vulnerability_id VCID-72s2-y7m6-kuf6

summary

Multiple vulnerabilities have been found in Puppet, the worst of
    which might allow local attackers to gain escalated privileges.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1054.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1054.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1054

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21599
published_at	2026-04-01T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21772
published_at	2026-04-02T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21826
published_at	2026-04-04T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21579
published_at	2026-04-07T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21656
published_at	2026-04-08T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21713
published_at	2026-04-09T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21724
published_at	2026-04-11T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21685
published_at	2026-04-12T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21628
published_at	2026-04-13T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21627
published_at	2026-04-16T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21634
published_at	2026-04-18T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21602
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=791002
reference_id	791002
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=791002

reference_url	https://security.gentoo.org/glsa/201203-03
reference_id	GLSA-201203-03
reference_type
scores
url	https://security.gentoo.org/glsa/201203-03

reference_url	https://usn.ubuntu.com/1372-1/
reference_id	USN-1372-1
reference_type
scores
url	https://usn.ubuntu.com/1372-1/

fixed_packages

url	pkg:deb/debian/puppet@2.7.11-1?distro=bullseye
purl	pkg:deb/debian/puppet@2.7.11-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.11-1%3Fdistro=bullseye

url	pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl	pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye

aliases CVE-2012-1054

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72s2-y7m6-kuf6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.11-1%3Fdistro=bullseye

Package Instance