Lookup for vulnerable packages by Package URL.

Purl pkg:gem/puppet@6.9.0
Type gem
Namespace
Name puppet
Version 6.9.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-5qhd-8wfe-27dy
vulnerability_id VCID-5qhd-8wfe-27dy
summary
Puppet does not properly restrict access to node resources
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0528
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.50062
published_at 2026-04-16T12:55:00Z
1
value 0.00265
scoring_system epss
scoring_elements 0.49966
published_at 2026-04-01T12:55:00Z
2
value 0.00265
scoring_system epss
scoring_elements 0.50003
published_at 2026-04-02T12:55:00Z
3
value 0.00265
scoring_system epss
scoring_elements 0.50031
published_at 2026-04-04T12:55:00Z
4
value 0.00265
scoring_system epss
scoring_elements 0.49982
published_at 2026-04-07T12:55:00Z
5
value 0.00265
scoring_system epss
scoring_elements 0.50037
published_at 2026-04-08T12:55:00Z
6
value 0.00265
scoring_system epss
scoring_elements 0.50029
published_at 2026-04-09T12:55:00Z
7
value 0.00265
scoring_system epss
scoring_elements 0.50047
published_at 2026-04-11T12:55:00Z
8
value 0.00265
scoring_system epss
scoring_elements 0.5002
published_at 2026-04-12T12:55:00Z
9
value 0.00265
scoring_system epss
scoring_elements 0.50016
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0528
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528
3
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
4
reference_url https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
6
reference_url http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
reference_id
reference_type
scores
url http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
7
reference_url http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
8
reference_url http://www.openwall.com/lists/oss-security/2011/01/27/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/01/27/6
9
reference_url http://www.openwall.com/lists/oss-security/2011/01/31/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/01/31/5
10
reference_url http://www.ubuntu.com/usn/USN-1365-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1365-1
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0528
reference_id CVE-2011-0528
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0528
12
reference_url https://github.com/advisories/GHSA-9pvx-fwwh-w289
reference_id GHSA-9pvx-fwwh-w289
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9pvx-fwwh-w289
13
reference_url https://usn.ubuntu.com/1365-1/
reference_id USN-1365-1
reference_type
scores
url https://usn.ubuntu.com/1365-1/
fixed_packages
aliases CVE-2011-0528, GHSA-9pvx-fwwh-w289
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qhd-8wfe-27dy
1
url VCID-63rx-372a-ukby
vulnerability_id VCID-63rx-372a-ukby
summary
Improper Certificate Validation in Puppet
Previously, Puppet operated on the model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7942.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7942.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7942
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30792
published_at 2026-04-16T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30765
published_at 2026-04-13T12:55:00Z
2
value 0.00119
scoring_system epss
scoring_elements 0.3081
published_at 2026-04-12T12:55:00Z
3
value 0.00119
scoring_system epss
scoring_elements 0.30854
published_at 2026-04-11T12:55:00Z
4
value 0.00119
scoring_system epss
scoring_elements 0.30852
published_at 2026-04-09T12:55:00Z
5
value 0.00119
scoring_system epss
scoring_elements 0.30821
published_at 2026-04-08T12:55:00Z
6
value 0.00119
scoring_system epss
scoring_elements 0.30769
published_at 2026-04-01T12:55:00Z
7
value 0.00119
scoring_system epss
scoring_elements 0.30895
published_at 2026-04-02T12:55:00Z
8
value 0.00119
scoring_system epss
scoring_elements 0.30943
published_at 2026-04-04T12:55:00Z
9
value 0.00119
scoring_system epss
scoring_elements 0.30763
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7942
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7942
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2020-7942.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2020-7942.yml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7942
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7942
6
reference_url https://puppet.com/security/cve/CVE-2020-7942
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2020-7942
7
reference_url https://puppet.com/security/cve/CVE-2020-7942/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://puppet.com/security/cve/CVE-2020-7942/
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1816720
reference_id 1816720
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1816720
9
reference_url https://github.com/advisories/GHSA-gqvf-892r-vjm5
reference_id GHSA-gqvf-892r-vjm5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqvf-892r-vjm5
10
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
0
url pkg:gem/puppet@6.13.0
purl pkg:gem/puppet@6.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.13.0
aliases CVE-2020-7942, GHSA-gqvf-892r-vjm5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63rx-372a-ukby
2
url VCID-8xgm-pabz-hkeg
vulnerability_id VCID-8xgm-pabz-hkeg
summary
Improper Privilege Management
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10689
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25827
published_at 2026-04-01T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.25786
published_at 2026-04-12T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.25828
published_at 2026-04-11T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.25819
published_at 2026-04-09T12:55:00Z
4
value 0.00092
scoring_system epss
scoring_elements 0.2577
published_at 2026-04-08T12:55:00Z
5
value 0.00092
scoring_system epss
scoring_elements 0.25732
published_at 2026-04-16T12:55:00Z
6
value 0.00092
scoring_system epss
scoring_elements 0.25728
published_at 2026-04-13T12:55:00Z
7
value 0.00092
scoring_system epss
scoring_elements 0.25699
published_at 2026-04-07T12:55:00Z
8
value 0.00092
scoring_system epss
scoring_elements 0.2593
published_at 2026-04-04T12:55:00Z
9
value 0.00092
scoring_system epss
scoring_elements 0.25887
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10689
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
6
reference_url https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
7
reference_url https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
8
reference_url https://tickets.puppetlabs.com/browse/PUP-7866
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tickets.puppetlabs.com/browse/PUP-7866
9
reference_url https://usn.ubuntu.com/3567-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3567-1
10
reference_url https://usn.ubuntu.com/3567-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3567-1/
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1542850
reference_id 1542850
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1542850
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412
reference_id 890412
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10689
reference_id CVE-2017-10689
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-10689
14
reference_url https://puppet.com/security/cve/CVE-2017-10689
reference_id CVE-2017-10689
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2017-10689
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
reference_id CVE-2017-10689.YML
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
16
reference_url https://github.com/advisories/GHSA-vw22-465p-8j5w
reference_id GHSA-vw22-465p-8j5w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vw22-465p-8j5w
17
reference_url https://usn.ubuntu.com/USN-4804-1/
reference_id USN-USN-4804-1
reference_type
scores
url https://usn.ubuntu.com/USN-4804-1/
fixed_packages
aliases CVE-2017-10689, GHSA-vw22-465p-8j5w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgm-pabz-hkeg
3
url VCID-h88b-abes-3bgr
vulnerability_id VCID-h88b-abes-3bgr
summary
Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
reference_id
reference_type
scores
0
value 0.00763
scoring_system epss
scoring_elements 0.73443
published_at 2026-04-16T12:55:00Z
1
value 0.00763
scoring_system epss
scoring_elements 0.73351
published_at 2026-04-01T12:55:00Z
2
value 0.00763
scoring_system epss
scoring_elements 0.7336
published_at 2026-04-02T12:55:00Z
3
value 0.00763
scoring_system epss
scoring_elements 0.73384
published_at 2026-04-04T12:55:00Z
4
value 0.00763
scoring_system epss
scoring_elements 0.73355
published_at 2026-04-07T12:55:00Z
5
value 0.00763
scoring_system epss
scoring_elements 0.73392
published_at 2026-04-08T12:55:00Z
6
value 0.00763
scoring_system epss
scoring_elements 0.73406
published_at 2026-04-09T12:55:00Z
7
value 0.00763
scoring_system epss
scoring_elements 0.73429
published_at 2026-04-11T12:55:00Z
8
value 0.00763
scoring_system epss
scoring_elements 0.73409
published_at 2026-04-12T12:55:00Z
9
value 0.00763
scoring_system epss
scoring_elements 0.73401
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
9
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
11
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
12
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
13
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
14
reference_url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
15
reference_url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
16
reference_url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
17
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
18
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
19
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810070
reference_id 810070
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810070
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
reference_id CVE-2012-1987
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
22
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
reference_id CVE-2012-1987
reference_type
scores
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
23
reference_url https://github.com/advisories/GHSA-v58w-6xc2-w799
reference_id GHSA-v58w-6xc2-w799
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v58w-6xc2-w799
24
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
25
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
26
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
aliases CVE-2012-1987, GHSA-v58w-6xc2-w799
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr
4
url VCID-jhkk-5euf-uked
vulnerability_id VCID-jhkk-5euf-uked
summary
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3869
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12851
published_at 2026-04-11T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12885
published_at 2026-04-09T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12834
published_at 2026-04-08T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12754
published_at 2026-04-07T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12951
published_at 2026-04-04T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12803
published_at 2026-04-01T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12901
published_at 2026-04-02T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12671
published_at 2026-04-16T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12768
published_at 2026-04-13T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12813
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3869
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
9
reference_url https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742645
reference_id 742645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742645
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3869
reference_id CVE-2011-3869
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3869
16
reference_url https://puppet.com/security/cve/cve-2011-3869
reference_id CVE-2011-3869
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3869
17
reference_url https://github.com/advisories/GHSA-8c56-v25w-f89c
reference_id GHSA-8c56-v25w-f89c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c56-v25w-f89c
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
aliases CVE-2011-3869, GHSA-8c56-v25w-f89c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked
5
url VCID-kt2h-k72f-tqc7
vulnerability_id VCID-kt2h-k72f-tqc7
summary
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13518
4
reference_url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
5
reference_url http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1988
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
reference_id
reference_type
scores
0
value 0.00492
scoring_system epss
scoring_elements 0.65688
published_at 2026-04-16T12:55:00Z
1
value 0.00492
scoring_system epss
scoring_elements 0.65568
published_at 2026-04-01T12:55:00Z
2
value 0.00492
scoring_system epss
scoring_elements 0.65616
published_at 2026-04-02T12:55:00Z
3
value 0.00492
scoring_system epss
scoring_elements 0.65646
published_at 2026-04-04T12:55:00Z
4
value 0.00492
scoring_system epss
scoring_elements 0.65612
published_at 2026-04-07T12:55:00Z
5
value 0.00492
scoring_system epss
scoring_elements 0.65664
published_at 2026-04-08T12:55:00Z
6
value 0.00492
scoring_system epss
scoring_elements 0.65676
published_at 2026-04-09T12:55:00Z
7
value 0.00492
scoring_system epss
scoring_elements 0.65696
published_at 2026-04-11T12:55:00Z
8
value 0.00492
scoring_system epss
scoring_elements 0.65682
published_at 2026-04-12T12:55:00Z
9
value 0.00492
scoring_system epss
scoring_elements 0.65653
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
10
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
11
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
12
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
14
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
15
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
16
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
17
reference_url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
18
reference_url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
19
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
20
reference_url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
21
reference_url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
22
reference_url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
23
reference_url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
24
reference_url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
25
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
26
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810071
reference_id 810071
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810071
28
reference_url http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-1988/
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
reference_id CVE-2012-1988
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
30
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
31
reference_url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
reference_id GHSA-6xxq-j39w-g3f6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
32
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
33
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
34
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
aliases CVE-2012-1988, GHSA-6xxq-j39w-g3f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7
6
url VCID-qdsk-m9ye-z3a4
vulnerability_id VCID-qdsk-m9ye-z3a4
summary
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27023
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60603
published_at 2026-04-16T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60563
published_at 2026-04-13T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60584
published_at 2026-04-12T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60598
published_at 2026-04-11T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.60577
published_at 2026-04-09T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.60561
published_at 2026-04-08T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60512
published_at 2026-04-07T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60543
published_at 2026-04-04T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60516
published_at 2026-04-02T12:55:00Z
9
value 0.00397
scoring_system epss
scoring_elements 0.60441
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27023
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2023859
reference_id 2023859
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2023859
9
reference_url https://security.archlinux.org/AVG-2541
reference_id AVG-2541
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2541
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27023
reference_id CVE-2021-27023
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27023
11
reference_url https://puppet.com/security/cve/CVE-2021-27023
reference_id CVE-2021-27023
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2021-27023
12
reference_url https://github.com/advisories/GHSA-93j5-g845-9wqp
reference_id GHSA-93j5-g845-9wqp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93j5-g845-9wqp
13
reference_url https://access.redhat.com/errata/RHSA-2022:1478
reference_id RHSA-2022:1478
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1478
14
reference_url https://access.redhat.com/errata/RHSA-2022:1708
reference_id RHSA-2022:1708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1708
15
reference_url https://access.redhat.com/errata/RHSA-2022:4866
reference_id RHSA-2022:4866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4866
16
reference_url https://access.redhat.com/errata/RHSA-2022:4867
reference_id RHSA-2022:4867
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4867
fixed_packages
0
url pkg:gem/puppet@6.25.1
purl pkg:gem/puppet@6.25.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.25.1
1
url pkg:gem/puppet@7.12.1
purl pkg:gem/puppet@7.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@7.12.1
aliases CVE-2021-27023, GHSA-93j5-g845-9wqp
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdsk-m9ye-z3a4
7
url VCID-s94z-5sd6-33dk
vulnerability_id VCID-s94z-5sd6-33dk
summary
Silent Configuration Failure in Puppet Agent
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27025.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27025.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27025
reference_id
reference_type
scores
0
value 0.00531
scoring_system epss
scoring_elements 0.67253
published_at 2026-04-13T12:55:00Z
1
value 0.00531
scoring_system epss
scoring_elements 0.67288
published_at 2026-04-16T12:55:00Z
2
value 0.00531
scoring_system epss
scoring_elements 0.67301
published_at 2026-04-11T12:55:00Z
3
value 0.00531
scoring_system epss
scoring_elements 0.67282
published_at 2026-04-09T12:55:00Z
4
value 0.00531
scoring_system epss
scoring_elements 0.67268
published_at 2026-04-08T12:55:00Z
5
value 0.00531
scoring_system epss
scoring_elements 0.6724
published_at 2026-04-04T12:55:00Z
6
value 0.00531
scoring_system epss
scoring_elements 0.67216
published_at 2026-04-07T12:55:00Z
7
value 0.00531
scoring_system epss
scoring_elements 0.67179
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27025
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014772
reference_id 1014772
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014772
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2023853
reference_id 2023853
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2023853
10
reference_url https://security.archlinux.org/AVG-2541
reference_id AVG-2541
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2541
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27025
reference_id CVE-2021-27025
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27025
12
reference_url https://puppet.com/security/cve/cve-2021-27025
reference_id CVE-2021-27025
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2021-27025
13
reference_url https://github.com/advisories/GHSA-q4g7-jrxv-67r9
reference_id GHSA-q4g7-jrxv-67r9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q4g7-jrxv-67r9
14
reference_url https://access.redhat.com/errata/RHSA-2022:1708
reference_id RHSA-2022:1708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1708
15
reference_url https://access.redhat.com/errata/RHSA-2022:4866
reference_id RHSA-2022:4866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4866
16
reference_url https://access.redhat.com/errata/RHSA-2022:4867
reference_id RHSA-2022:4867
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4867
17
reference_url https://access.redhat.com/errata/RHSA-2022:8846
reference_id RHSA-2022:8846
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8846
18
reference_url https://access.redhat.com/errata/RHSA-2022:8862
reference_id RHSA-2022:8862
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8862
fixed_packages
0
url pkg:gem/puppet@6.25.1
purl pkg:gem/puppet@6.25.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.25.1
1
url pkg:gem/puppet@7.12.1
purl pkg:gem/puppet@7.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@7.12.1
aliases CVE-2021-27025, GHSA-q4g7-jrxv-67r9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s94z-5sd6-33dk
8
url VCID-ww8x-tzxr-4qbn
vulnerability_id VCID-ww8x-tzxr-4qbn
summary
Improper Link Resolution Before File Access ('Link Following')
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
1
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-0156
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12653
published_at 2026-04-16T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12785
published_at 2026-04-01T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12883
published_at 2026-04-02T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12933
published_at 2026-04-04T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12736
published_at 2026-04-07T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12816
published_at 2026-04-08T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12867
published_at 2026-04-09T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12833
published_at 2026-04-11T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12795
published_at 2026-04-12T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.1275
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-0156
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=502881
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=502881
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128
10
reference_url https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml
12
reference_url https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-0156
reference_id CVE-2010-0156
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-0156
14
reference_url https://puppet.com/security/cve/cve-2010-0156
reference_id CVE-2010-0156
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2010-0156
15
reference_url https://github.com/advisories/GHSA-vrh7-99jh-3fmm
reference_id GHSA-vrh7-99jh-3fmm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrh7-99jh-3fmm
16
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
17
reference_url https://usn.ubuntu.com/917-1/
reference_id USN-917-1
reference_type
scores
url https://usn.ubuntu.com/917-1/
fixed_packages
aliases CVE-2010-0156, GHSA-vrh7-99jh-3fmm
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ww8x-tzxr-4qbn
Fixing_vulnerabilities
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.9.0