Look up vulnerable packages by Package URL.

Purl pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9
Type deb
Namespace debian
Name puppet
Version 2.6.2-5+squeeze9
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.5.10-4
Latest_non_vulnerable_version 5.5.10-4
Affected_by_vulnerabilities
0
url VCID-1n9j-3ymz-dub5
vulnerability_id VCID-1n9j-3ymz-dub5
summary Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4956
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28617
published_at 2026-06-04T12:55:00Z
1
value 0.00108
scoring_system epss
scoring_elements 0.28689
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4956
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=996855
reference_id 996855
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=996855
5
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
6
reference_url https://access.redhat.com/errata/RHSA-2013:1283
reference_id RHSA-2013:1283
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1283
7
reference_url https://access.redhat.com/errata/RHSA-2013:1284
reference_id RHSA-2013:1284
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1284
8
reference_url https://usn.ubuntu.com/1928-1/
reference_id USN-1928-1
reference_type
scores
url https://usn.ubuntu.com/1928-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
1
url pkg:deb/debian/puppet@3.7.2-4
purl pkg:deb/debian/puppet@3.7.2-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5ns-wtb6-fkha
1
vulnerability VCID-jj8h-wz8z-xfbq
2
vulnerability VCID-mn3q-6cs1-ukcq
3
vulnerability VCID-wqeh-3r7d-7ffz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4
aliases CVE-2013-4956
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1n9j-3ymz-dub5
1
url VCID-38dv-ps67-r7f7
vulnerability_id VCID-38dv-ps67-r7f7
summary
Moderate severity vulnerability that affects puppet
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
1
reference_url http://puppetlabs.com/security/cve/cve-2013-4761
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2013-4761
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-1283.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1283.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1284.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1284.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4761
reference_id
reference_type
scores
0
value 0.0062
scoring_system epss
scoring_elements 0.70463
published_at 2026-06-05T12:55:00Z
1
value 0.0062
scoring_system epss
scoring_elements 0.70422
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4761
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml
10
reference_url https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability
11
reference_url http://www.debian.org/security/2013/dsa-2761
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2761
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=996856
reference_id 996856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=996856
13
reference_url http://puppetlabs.com/security/cve/cve-2013-4761/
reference_id CVE-2013-4761
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2013-4761/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4761
reference_id CVE-2013-4761
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4761
15
reference_url https://github.com/advisories/GHSA-cj43-9h3w-v976
reference_id GHSA-cj43-9h3w-v976
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cj43-9h3w-v976
16
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
17
reference_url https://access.redhat.com/errata/RHSA-2013:1283
reference_id RHSA-2013:1283
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1283
18
reference_url https://access.redhat.com/errata/RHSA-2013:1284
reference_id RHSA-2013:1284
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1284
19
reference_url https://usn.ubuntu.com/1928-1/
reference_id USN-1928-1
reference_type
scores
url https://usn.ubuntu.com/1928-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
1
url pkg:deb/debian/puppet@3.7.2-4
purl pkg:deb/debian/puppet@3.7.2-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5ns-wtb6-fkha
1
vulnerability VCID-jj8h-wz8z-xfbq
2
vulnerability VCID-mn3q-6cs1-ukcq
3
vulnerability VCID-wqeh-3r7d-7ffz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4
aliases CVE-2013-4761, GHSA-cj43-9h3w-v976
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38dv-ps67-r7f7
2
url VCID-3xtf-acbg-nqhe
vulnerability_id VCID-3xtf-acbg-nqhe
summary Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4969.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4969.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4969
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11713
published_at 2026-06-04T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11802
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4969
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:S/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1045212
reference_id 1045212
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1045212
5
reference_url https://usn.ubuntu.com/2077-1/
reference_id USN-2077-1
reference_type
scores
url https://usn.ubuntu.com/2077-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
1
url pkg:deb/debian/puppet@3.7.2-4
purl pkg:deb/debian/puppet@3.7.2-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5ns-wtb6-fkha
1
vulnerability VCID-jj8h-wz8z-xfbq
2
vulnerability VCID-mn3q-6cs1-ukcq
3
vulnerability VCID-wqeh-3r7d-7ffz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4
aliases CVE-2013-4969
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xtf-acbg-nqhe
3
url VCID-6816-tprb-zqgt
vulnerability_id VCID-6816-tprb-zqgt
summary Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3864
reference_id
reference_type
scores
0
value 0.00314
scoring_system epss
scoring_elements 0.54835
published_at 2026-06-04T12:55:00Z
1
value 0.00314
scoring_system epss
scoring_elements 0.54893
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3864
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839130
reference_id 839130
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=839130
4
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
5
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-3864
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6816-tprb-zqgt
4
url VCID-7gsz-qxb2-mbe7
vulnerability_id VCID-7gsz-qxb2-mbe7
summary Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1652.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1652.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1652
reference_id
reference_type
scores
0
value 0.00694
scoring_system epss
scoring_elements 0.72266
published_at 2026-06-04T12:55:00Z
1
value 0.00694
scoring_system epss
scoring_elements 0.72308
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1652
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=919784
reference_id 919784
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=919784
4
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
5
reference_url https://access.redhat.com/errata/RHSA-2013:0710
reference_id RHSA-2013:0710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0710
6
reference_url https://usn.ubuntu.com/1759-1/
reference_id USN-1759-1
reference_type
scores
url https://usn.ubuntu.com/1759-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2013-1652
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gsz-qxb2-mbe7
5
url VCID-7wuf-dtva-x7ej
vulnerability_id VCID-7wuf-dtva-x7ej
summary
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3869
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13111
published_at 2026-06-04T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.13189
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3869
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
9
reference_url https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742645
reference_id 742645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742645
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3869
reference_id CVE-2011-3869
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3869
16
reference_url https://puppet.com/security/cve/cve-2011-3869
reference_id CVE-2011-3869
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3869
17
reference_url https://github.com/advisories/GHSA-8c56-v25w-f89c
reference_id GHSA-8c56-v25w-f89c
reference_type
scores
url https://github.com/advisories/GHSA-8c56-v25w-f89c
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2011-3869, GHSA-8c56-v25w-f89c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7wuf-dtva-x7ej
6
url VCID-86jb-mnzj-e3cy
vulnerability_id VCID-86jb-mnzj-e3cy
summary The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3250.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3250.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3250
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49441
published_at 2026-06-04T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49504
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3250
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1101347
reference_id 1101347
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1101347
fixed_packages
0
url pkg:deb/debian/puppet@3.7.2-4
purl pkg:deb/debian/puppet@3.7.2-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5ns-wtb6-fkha
1
vulnerability VCID-jj8h-wz8z-xfbq
2
vulnerability VCID-mn3q-6cs1-ukcq
3
vulnerability VCID-wqeh-3r7d-7ffz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4
aliases CVE-2014-3250
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86jb-mnzj-e3cy
7
url VCID-9t7v-tnzt-cqa6
vulnerability_id VCID-9t7v-tnzt-cqa6
summary The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2275.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2275.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2275
reference_id
reference_type
scores
0
value 0.0038
scoring_system epss
scoring_elements 0.59783
published_at 2026-06-04T12:55:00Z
1
value 0.0038
scoring_system epss
scoring_elements 0.59832
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2275
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=919785
reference_id 919785
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=919785
4
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
5
reference_url https://access.redhat.com/errata/RHSA-2013:0710
reference_id RHSA-2013:0710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0710
6
reference_url https://usn.ubuntu.com/1759-1/
reference_id USN-1759-1
reference_type
scores
url https://usn.ubuntu.com/1759-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2013-2275
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9t7v-tnzt-cqa6
8
url VCID-b5ns-wtb6-fkha
vulnerability_id VCID-b5ns-wtb6-fkha
summary Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5713
reference_id
reference_type
scores
0
value 0.0112
scoring_system epss
scoring_elements 0.78579
published_at 2026-06-04T12:55:00Z
1
value 0.0112
scoring_system epss
scoring_elements 0.78606
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5713
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5713
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5713
fixed_packages
0
url pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1
purl pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mn3q-6cs1-ukcq
1
vulnerability VCID-wqeh-3r7d-7ffz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5~bpo8%252B1
aliases CVE-2016-5713
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5ns-wtb6-fkha
9
url VCID-c6dw-92d3-n7c5
vulnerability_id VCID-c6dw-92d3-n7c5
summary Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2274.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2274.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2274
reference_id
reference_type
scores
0
value 0.01851
scoring_system epss
scoring_elements 0.83356
published_at 2026-06-04T12:55:00Z
1
value 0.01851
scoring_system epss
scoring_elements 0.8338
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2274
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=919773
reference_id 919773
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=919773
4
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
5
reference_url https://access.redhat.com/errata/RHSA-2013:0710
reference_id RHSA-2013:0710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0710
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2013-2274
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6dw-92d3-n7c5
10
url VCID-df8e-jf8b-puec
vulnerability_id VCID-df8e-jf8b-puec
summary
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3871
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13271
published_at 2026-06-04T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.13345
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3871
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d
9
reference_url https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742649
reference_id 742649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742649
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3871
reference_id CVE-2011-3871
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3871
16
reference_url https://puppet.com/security/cve/cve-2011-3871
reference_id CVE-2011-3871
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3871
17
reference_url https://github.com/advisories/GHSA-mpmx-gm5v-q789
reference_id GHSA-mpmx-gm5v-q789
reference_type
scores
url https://github.com/advisories/GHSA-mpmx-gm5v-q789
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2011-3871, GHSA-mpmx-gm5v-q789
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-df8e-jf8b-puec
11
url VCID-djqs-7e92-wbb7
vulnerability_id VCID-djqs-7e92-wbb7
summary Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1986
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59378
published_at 2026-06-04T12:55:00Z
1
value 0.00374
scoring_system epss
scoring_elements 0.59429
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1986
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810069
reference_id 810069
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810069
4
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
5
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
6
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-1986
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djqs-7e92-wbb7
12
url VCID-ear8-9pcm-zqfz
vulnerability_id VCID-ear8-9pcm-zqfz
summary
Low severity vulnerability that affects puppet
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
1
reference_url http://projects.puppetlabs.com/issues/13606
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13606
2
reference_url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
3
reference_url http://puppetlabs.com/security/cve/cve-2012-1989
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1989
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1989
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.1855
published_at 2026-06-05T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18472
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1989
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989
7
reference_url http://secunia.com/advisories/48743
reference_id
reference_type
scores
url http://secunia.com/advisories/48743
8
reference_url http://secunia.com/advisories/48748
reference_id
reference_type
scores
url http://secunia.com/advisories/48748
9
reference_url http://secunia.com/advisories/49136
reference_id
reference_type
scores
url http://secunia.com/advisories/49136
10
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
11
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
13
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
14
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
15
reference_url https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
16
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
17
reference_url http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/52975
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=837339
reference_id 837339
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=837339
19
reference_url http://puppetlabs.com/security/cve/cve-2012-1989/
reference_id CVE-2012-1989
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-1989/
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1989
reference_id CVE-2012-1989
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1989
21
reference_url https://github.com/advisories/GHSA-c5qq-g673-5p49
reference_id GHSA-c5qq-g673-5p49
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5qq-g673-5p49
22
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
23
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-1989, GHSA-c5qq-g673-5p49
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ear8-9pcm-zqfz
13
url VCID-ej47-hdx8-pbhp
vulnerability_id VCID-ej47-hdx8-pbhp
summary Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6120.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6120.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6120
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27152
published_at 2026-06-04T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27217
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6120
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6120
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6120
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=908629
reference_id 908629
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=908629
4
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
5
reference_url https://access.redhat.com/errata/RHSA-2013:0710
reference_id RHSA-2013:0710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0710
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-6120
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ej47-hdx8-pbhp
14
url VCID-fjyu-jwpx-sfe5
vulnerability_id VCID-fjyu-jwpx-sfe5
summary
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13518
4
reference_url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
5
reference_url http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1988
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
reference_id
reference_type
scores
0
value 0.00492
scoring_system epss
scoring_elements 0.66003
published_at 2026-06-04T12:55:00Z
1
value 0.00492
scoring_system epss
scoring_elements 0.66055
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
10
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
11
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
12
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
14
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
15
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
16
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
17
reference_url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
18
reference_url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
19
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
20
reference_url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
21
reference_url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
22
reference_url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
23
reference_url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
24
reference_url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
25
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
26
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810071
reference_id 810071
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810071
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
reference_id CVE-2012-1988
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
29
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
30
reference_url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
reference_id GHSA-6xxq-j39w-g3f6
reference_type
scores
url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
31
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
32
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
33
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-1988, GHSA-6xxq-j39w-g3f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fjyu-jwpx-sfe5
15
url VCID-fwaq-2kzp-2kgc
vulnerability_id VCID-fwaq-2kzp-2kgc
summary Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1654.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1654.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1654
reference_id
reference_type
scores
0
value 0.00595
scoring_system epss
scoring_elements 0.69685
published_at 2026-06-04T12:55:00Z
1
value 0.00595
scoring_system epss
scoring_elements 0.69725
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1654
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=919770
reference_id 919770
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=919770
4
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
5
reference_url https://access.redhat.com/errata/RHSA-2013:0710
reference_id RHSA-2013:0710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0710
6
reference_url https://usn.ubuntu.com/1759-1/
reference_id USN-1759-1
reference_type
scores
url https://usn.ubuntu.com/1759-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2013-1654
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwaq-2kzp-2kgc
16
url VCID-g1nc-3ca8-xkes
vulnerability_id VCID-g1nc-3ca8-xkes
summary Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3872.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3872.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3872
reference_id
reference_type
scores
0
value 0.02778
scoring_system epss
scoring_elements 0.86331
published_at 2026-06-04T12:55:00Z
1
value 0.02778
scoring_system epss
scoring_elements 0.86352
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3872
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3872
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3872
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=748447
reference_id 748447
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=748447
4
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
5
reference_url https://usn.ubuntu.com/1238-1/
reference_id USN-1238-1
reference_type
scores
url https://usn.ubuntu.com/1238-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2011-3872
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g1nc-3ca8-xkes
17
url VCID-g5ek-ebw1-ebhf
vulnerability_id VCID-g5ek-ebw1-ebhf
summary
Puppet Privilege Escalation
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1053
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13752
published_at 2026-06-04T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.1383
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1053
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
4
reference_url https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36
5
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
url https://hermes.opensuse.org/messages/15087408
6
reference_url https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
reference_id
reference_type
scores
url https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
7
reference_url https://ubuntu.com/usn/usn-1372-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/usn/usn-1372-1
8
reference_url https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053
9
reference_url https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458
10
reference_url https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457
11
reference_url https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459
12
reference_url https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158
13
reference_url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
14
reference_url https://www.debian.org/security/2012/dsa-2419
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2012/dsa-2419
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=791001
reference_id 791001
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=791001
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1053
reference_id CVE-2012-1053
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1053
17
reference_url https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/
reference_id CVE-2012-1053
reference_type
scores
url https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/
18
reference_url https://github.com/advisories/GHSA-77hg-g8cc-5r37
reference_id GHSA-77hg-g8cc-5r37
reference_type
scores
url https://github.com/advisories/GHSA-77hg-g8cc-5r37
19
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
20
reference_url https://usn.ubuntu.com/1372-1/
reference_id USN-1372-1
reference_type
scores
url https://usn.ubuntu.com/1372-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-1053, GHSA-77hg-g8cc-5r37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g5ek-ebw1-ebhf
18
url VCID-gfnp-y7y2-f7fu
vulnerability_id VCID-gfnp-y7y2-f7fu
summary
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.
references
0
reference_url http://projects.puppetlabs.com/issues/13260
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13260
1
reference_url http://puppetlabs.com/security/cve/cve-2012-1906
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1906
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1906
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19946
published_at 2026-06-04T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.20022
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1906
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74793
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74793
6
reference_url https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml
8
reference_url https://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/usn/usn-1419-1
9
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
10
reference_url https://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2012/dsa-2451
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2236311
reference_id 2236311
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2236311
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1906
reference_id CVE-2012-1906
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1906
13
reference_url https://github.com/advisories/GHSA-c4mc-49hq-q275
reference_id GHSA-c4mc-49hq-q275
reference_type
scores
url https://github.com/advisories/GHSA-c4mc-49hq-q275
14
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
15
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-1906, GHSA-c4mc-49hq-q275
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfnp-y7y2-f7fu
19
url VCID-jj8h-wz8z-xfbq
vulnerability_id VCID-jj8h-wz8z-xfbq
summary Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5714
reference_id
reference_type
scores
0
value 0.0101
scoring_system epss
scoring_elements 0.77451
published_at 2026-06-04T12:55:00Z
1
value 0.0101
scoring_system epss
scoring_elements 0.77478
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5714
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5714
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5714
2
reference_url https://security.gentoo.org/glsa/201710-12
reference_id GLSA-201710-12
reference_type
scores
url https://security.gentoo.org/glsa/201710-12
fixed_packages
0
url pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1
purl pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mn3q-6cs1-ukcq
1
vulnerability VCID-wqeh-3r7d-7ffz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5~bpo8%252B1
aliases CVE-2016-5714
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jj8h-wz8z-xfbq
20
url VCID-jrdk-dzhe-z7ff
vulnerability_id VCID-jrdk-dzhe-z7ff
summary Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1054.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1054.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1054
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.21736
published_at 2026-06-04T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.21816
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1054
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=791002
reference_id 791002
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=791002
4
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
5
reference_url https://usn.ubuntu.com/1372-1/
reference_id USN-1372-1
reference_type
scores
url https://usn.ubuntu.com/1372-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-1054
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrdk-dzhe-z7ff
21
url VCID-jwz8-kbu1-f3d7
vulnerability_id VCID-jwz8-kbu1-f3d7
summary Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3848.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3848.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3848
reference_id
reference_type
scores
0
value 0.00433
scoring_system epss
scoring_elements 0.63094
published_at 2026-06-04T12:55:00Z
1
value 0.00433
scoring_system epss
scoring_elements 0.63138
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3848
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3848
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3848
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742174
reference_id 742174
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742174
4
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
5
reference_url https://usn.ubuntu.com/1217-1/
reference_id USN-1217-1
reference_type
scores
url https://usn.ubuntu.com/1217-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2011-3848
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwz8-kbu1-f3d7
22
url VCID-khb1-phav-ukf8
vulnerability_id VCID-khb1-phav-ukf8
summary
Low severity vulnerability that affects puppet
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
1
reference_url http://puppetlabs.com/security/cve/cve-2012-3866
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3866
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3866
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16136
published_at 2026-06-05T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.16052
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3866
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839135
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839135
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866
5
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
6
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
7
reference_url https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml
9
reference_url https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable
10
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
11
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
12
reference_url http://puppetlabs.com/security/cve/cve-2012-3866/
reference_id CVE-2012-3866
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3866/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3866
reference_id CVE-2012-3866
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3866
14
reference_url https://github.com/advisories/GHSA-8jxj-9r5f-w3m2
reference_id GHSA-8jxj-9r5f-w3m2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jxj-9r5f-w3m2
15
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-3866, GHSA-8jxj-9r5f-w3m2
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khb1-phav-ukf8
23
url VCID-mn3q-6cs1-ukcq
vulnerability_id VCID-mn3q-6cs1-ukcq
summary
Improper Privilege Management
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10689
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25747
published_at 2026-06-04T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.2585
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10689
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
6
reference_url https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
7
reference_url https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
8
reference_url https://tickets.puppetlabs.com/browse/PUP-7866
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tickets.puppetlabs.com/browse/PUP-7866
9
reference_url https://usn.ubuntu.com/3567-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3567-1
10
reference_url https://usn.ubuntu.com/3567-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3567-1/
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1542850
reference_id 1542850
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1542850
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412
reference_id 890412
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10689
reference_id CVE-2017-10689
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-10689
14
reference_url https://puppet.com/security/cve/CVE-2017-10689
reference_id CVE-2017-10689
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2017-10689
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
reference_id CVE-2017-10689.YML
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
16
reference_url https://github.com/advisories/GHSA-vw22-465p-8j5w
reference_id GHSA-vw22-465p-8j5w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vw22-465p-8j5w
17
reference_url https://usn.ubuntu.com/USN-4804-1/
reference_id USN-USN-4804-1
reference_type
scores
url https://usn.ubuntu.com/USN-4804-1/
fixed_packages
0
url pkg:deb/debian/puppet@5.5.10-4
purl pkg:deb/debian/puppet@5.5.10-4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.10-4
aliases CVE-2017-10689, GHSA-vw22-465p-8j5w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mn3q-6cs1-ukcq
24
url VCID-mntc-3nm2-xybw
vulnerability_id VCID-mntc-3nm2-xybw
summary Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1653
reference_id
reference_type
scores
0
value 0.01966
scoring_system epss
scoring_elements 0.83849
published_at 2026-06-04T12:55:00Z
1
value 0.01966
scoring_system epss
scoring_elements 0.83872
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1653
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653
2
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
3
reference_url https://usn.ubuntu.com/1759-1/
reference_id USN-1759-1
reference_type
scores
url https://usn.ubuntu.com/1759-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2013-1653
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mntc-3nm2-xybw
25
url VCID-nrht-tzzq-eqhs
vulnerability_id VCID-nrht-tzzq-eqhs
summary
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3248
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.2258
published_at 2026-06-05T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.22496
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3248
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248
3
reference_url http://secunia.com/advisories/59197
reference_id
reference_type
scores
url http://secunia.com/advisories/59197
4
reference_url http://secunia.com/advisories/59200
reference_id
reference_type
scores
url http://secunia.com/advisories/59200
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml
9
reference_url https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035
10
reference_url https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet
11
reference_url https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248
12
reference_url http://www.securityfocus.com/bid/68035
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/68035
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1101346
reference_id 1101346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1101346
14
reference_url http://puppetlabs.com/security/cve/cve-2014-3248
reference_id CVE-2014-3248
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2014-3248
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3248
reference_id CVE-2014-3248
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3248
16
reference_url http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
reference_id CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET
reference_type
scores
url http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
17
reference_url https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
reference_id CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET
reference_type
scores
url https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
18
reference_url https://github.com/advisories/GHSA-92v7-pq4h-58j5
reference_id GHSA-92v7-pq4h-58j5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92v7-pq4h-58j5
19
reference_url https://security.gentoo.org/glsa/201412-15
reference_id GLSA-201412-15
reference_type
scores
url https://security.gentoo.org/glsa/201412-15
20
reference_url https://security.gentoo.org/glsa/201412-45
reference_id GLSA-201412-45
reference_type
scores
url https://security.gentoo.org/glsa/201412-45
21
reference_url https://usn.ubuntu.com/3308-1/
reference_id USN-3308-1
reference_type
scores
url https://usn.ubuntu.com/3308-1/
fixed_packages
0
url pkg:deb/debian/puppet@3.7.2-4
purl pkg:deb/debian/puppet@3.7.2-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5ns-wtb6-fkha
1
vulnerability VCID-jj8h-wz8z-xfbq
2
vulnerability VCID-mn3q-6cs1-ukcq
3
vulnerability VCID-wqeh-3r7d-7ffz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4
aliases CVE-2014-3248, GHSA-92v7-pq4h-58j5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrht-tzzq-eqhs
26
url VCID-qhz5-1muw-dqgn
vulnerability_id VCID-qhz5-1muw-dqgn
summary
Moderate severity vulnerability that affects puppet
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
2
reference_url http://puppetlabs.com/security/cve/cve-2012-3867
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3867
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3867
reference_id
reference_type
scores
0
value 0.01418
scoring_system epss
scoring_elements 0.80944
published_at 2026-06-05T12:55:00Z
1
value 0.01418
scoring_system epss
scoring_elements 0.80916
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3867
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839158
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839158
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
7
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
10
reference_url https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
12
reference_url https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
13
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
14
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
15
reference_url http://puppetlabs.com/security/cve/cve-2012-3867/
reference_id CVE-2012-3867
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3867/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3867
reference_id CVE-2012-3867
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3867
17
reference_url https://github.com/advisories/GHSA-q44r-f2hm-v76v
reference_id GHSA-q44r-f2hm-v76v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q44r-f2hm-v76v
18
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
19
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-3867, GHSA-q44r-f2hm-v76v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qhz5-1muw-dqgn
27
url VCID-ta3j-j5s5-hfba
vulnerability_id VCID-ta3j-j5s5-hfba
summary
Improper Authentication
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.
references
0
reference_url http://puppetlabs.com/security/cve/cve-2012-3408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3408
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3408.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3408.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3408
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.49387
published_at 2026-06-05T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49326
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3408
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839166
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839166
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3408
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3408
5
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
6
reference_url https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml
8
reference_url https://www.puppet.com/security/cve/cve-2012-3408-agent-impersonation
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-3408-agent-impersonation
9
reference_url http://puppetlabs.com/security/cve/cve-2012-3408/
reference_id CVE-2012-3408
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3408/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3408
reference_id CVE-2012-3408
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3408
11
reference_url https://github.com/advisories/GHSA-vxf6-w9mp-95hm
reference_id GHSA-vxf6-w9mp-95hm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vxf6-w9mp-95hm
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-3408, GHSA-vxf6-w9mp-95hm
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ta3j-j5s5-hfba
28
url VCID-thv1-66q2-uuc9
vulnerability_id VCID-thv1-66q2-uuc9
summary
Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
reference_id
reference_type
scores
0
value 0.00763
scoring_system epss
scoring_elements 0.73768
published_at 2026-06-04T12:55:00Z
1
value 0.00763
scoring_system epss
scoring_elements 0.73805
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
9
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
11
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
12
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
13
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
14
reference_url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
15
reference_url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
16
reference_url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
17
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
18
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
19
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810070
reference_id 810070
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810070
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
reference_id CVE-2012-1987
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
22
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
reference_id CVE-2012-1987
reference_type
scores
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
23
reference_url https://github.com/advisories/GHSA-v58w-6xc2-w799
reference_id GHSA-v58w-6xc2-w799
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v58w-6xc2-w799
24
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
25
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
26
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-1987, GHSA-v58w-6xc2-w799
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thv1-66q2-uuc9
29
url VCID-vxdt-q1t7-27hh
vulnerability_id VCID-vxdt-q1t7-27hh
summary
Improper Input Validation
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1655
reference_id
reference_type
scores
0
value 0.00536
scoring_system epss
scoring_elements 0.6786
published_at 2026-06-05T12:55:00Z
1
value 0.00536
scoring_system epss
scoring_elements 0.6782
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1655
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655
4
reference_url http://secunia.com/advisories/52596
reference_id
reference_type
scores
url http://secunia.com/advisories/52596
5
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml
7
reference_url https://puppetlabs.com/security/cve/cve-2013-1655
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://puppetlabs.com/security/cve/cve-2013-1655
8
reference_url https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442
9
reference_url https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability
10
reference_url http://ubuntu.com/usn/usn-1759-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1759-1
11
reference_url http://www.debian.org/security/2013/dsa-2643
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2643
12
reference_url http://www.securityfocus.com/bid/58442
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/58442
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1655
reference_id CVE-2013-1655
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1655
14
reference_url https://puppetlabs.com/security/cve/cve-2013-1655/
reference_id CVE-2013-1655
reference_type
scores
url https://puppetlabs.com/security/cve/cve-2013-1655/
15
reference_url https://github.com/advisories/GHSA-574q-fxfj-wv6h
reference_id GHSA-574q-fxfj-wv6h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-574q-fxfj-wv6h
16
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
17
reference_url https://usn.ubuntu.com/1759-1/
reference_id USN-1759-1
reference_type
scores
url https://usn.ubuntu.com/1759-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2013-1655, GHSA-574q-fxfj-wv6h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vxdt-q1t7-27hh
30
url VCID-wmv1-2hjk-8ycf
vulnerability_id VCID-wmv1-2hjk-8ycf
summary The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allow remote authenticated users to execute arbitrary code via a crafted catalog request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1640.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1640.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1640
reference_id
reference_type
scores
0
value 0.02291
scoring_system epss
scoring_elements 0.85011
published_at 2026-06-04T12:55:00Z
1
value 0.02291
scoring_system epss
scoring_elements 0.85035
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1640
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=919783
reference_id 919783
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=919783
4
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
5
reference_url https://access.redhat.com/errata/RHSA-2013:0710
reference_id RHSA-2013:0710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0710
6
reference_url https://usn.ubuntu.com/1759-1/
reference_id USN-1759-1
reference_type
scores
url https://usn.ubuntu.com/1759-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2013-1640
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmv1-2hjk-8ycf
31
url VCID-wqeh-3r7d-7ffz
vulnerability_id VCID-wqeh-3r7d-7ffz
summary Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2295
reference_id
reference_type
scores
0
value 0.01449
scoring_system epss
scoring_elements 0.81116
published_at 2026-06-04T12:55:00Z
1
value 0.01449
scoring_system epss
scoring_elements 0.81143
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2295
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:C/I:C/A:C
1
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1452651
reference_id 1452651
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1452651
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212
reference_id 863212
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212
6
reference_url https://usn.ubuntu.com/3308-1/
reference_id USN-3308-1
reference_type
scores
url https://usn.ubuntu.com/3308-1/
7
reference_url https://usn.ubuntu.com/USN-4804-1/
reference_id USN-USN-4804-1
reference_type
scores
url https://usn.ubuntu.com/USN-4804-1/
fixed_packages
0
url pkg:deb/debian/puppet@3.7.2-4%2Bdeb8u1
purl pkg:deb/debian/puppet@3.7.2-4%2Bdeb8u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5ns-wtb6-fkha
1
vulnerability VCID-jj8h-wz8z-xfbq
2
vulnerability VCID-mn3q-6cs1-ukcq
3
vulnerability VCID-wqeh-3r7d-7ffz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4%252Bdeb8u1
1
url pkg:deb/debian/puppet@4.8.2-5
purl pkg:deb/debian/puppet@4.8.2-5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mn3q-6cs1-ukcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5
aliases CVE-2017-2295
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqeh-3r7d-7ffz
32
url VCID-wqm7-m41f-pqfm
vulnerability_id VCID-wqm7-m41f-pqfm
summary
Improper Input Validation
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-1283.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1283.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1284.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1284.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-3567
reference_id
reference_type
scores
0
value 0.05772
scoring_system epss
scoring_elements 0.90652
published_at 2026-06-05T12:55:00Z
1
value 0.05772
scoring_system epss
scoring_elements 0.90638
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-3567
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567
7
reference_url http://secunia.com/advisories/54429
reference_id
reference_type
scores
url http://secunia.com/advisories/54429
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml
11
reference_url https://puppetlabs.com/security/cve/cve-2013-3567
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://puppetlabs.com/security/cve/cve-2013-3567
12
reference_url https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability
13
reference_url http://www.debian.org/security/2013/dsa-2715
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2715
14
reference_url http://www.ubuntu.com/usn/USN-1886-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1886-1
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745
reference_id 712745
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=974649
reference_id 974649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=974649
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-3567
reference_id CVE-2013-3567
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-3567
18
reference_url https://puppetlabs.com/security/cve/cve-2013-3567/
reference_id CVE-2013-3567
reference_type
scores
url https://puppetlabs.com/security/cve/cve-2013-3567/
19
reference_url https://github.com/advisories/GHSA-f7p5-w2cr-7cp7
reference_id GHSA-f7p5-w2cr-7cp7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7p5-w2cr-7cp7
20
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
21
reference_url https://access.redhat.com/errata/RHSA-2013:1283
reference_id RHSA-2013:1283
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1283
22
reference_url https://access.redhat.com/errata/RHSA-2013:1284
reference_id RHSA-2013:1284
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1284
23
reference_url https://usn.ubuntu.com/1886-1/
reference_id USN-1886-1
reference_type
scores
url https://usn.ubuntu.com/1886-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
1
url pkg:deb/debian/puppet@3.7.2-4
purl pkg:deb/debian/puppet@3.7.2-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5ns-wtb6-fkha
1
vulnerability VCID-jj8h-wz8z-xfbq
2
vulnerability VCID-mn3q-6cs1-ukcq
3
vulnerability VCID-wqeh-3r7d-7ffz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4
aliases CVE-2013-3567, GHSA-f7p5-w2cr-7cp7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqm7-m41f-pqfm
33
url VCID-xhmp-nrhy-zfcn
vulnerability_id VCID-xhmp-nrhy-zfcn
summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
2
reference_url http://puppetlabs.com/security/cve/cve-2012-3865
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3865
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3865
reference_id
reference_type
scores
0
value 0.01176
scoring_system epss
scoring_elements 0.7908
published_at 2026-06-05T12:55:00Z
1
value 0.01176
scoring_system epss
scoring_elements 0.79054
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3865
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839131
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839131
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
7
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
10
reference_url https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
13
reference_url https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
14
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
15
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
16
reference_url http://puppetlabs.com/security/cve/cve-2012-3865/
reference_id CVE-2012-3865
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3865/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3865
reference_id CVE-2012-3865
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3865
18
reference_url https://github.com/advisories/GHSA-g89m-3wjw-h857
reference_id GHSA-g89m-3wjw-h857
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g89m-3wjw-h857
19
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
20
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2012-3865, GHSA-g89m-3wjw-h857
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhmp-nrhy-zfcn
34
url VCID-xxht-cd83-7qb9
vulnerability_id VCID-xxht-cd83-7qb9
summary
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3870
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10006
published_at 2026-06-05T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.09962
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3870
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30
9
reference_url https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742644
reference_id 742644
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742644
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3870
reference_id CVE-2011-3870
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3870
16
reference_url https://puppet.com/security/cve/cve-2011-3870
reference_id CVE-2011-3870
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3870
17
reference_url https://github.com/advisories/GHSA-qh3g-27jf-3j54
reference_id GHSA-qh3g-27jf-3j54
reference_type
scores
url https://github.com/advisories/GHSA-qh3g-27jf-3j54
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.23-1~deb7u3
purl pkg:deb/debian/puppet@2.7.23-1~deb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-86jb-mnzj-e3cy
4
vulnerability VCID-b5ns-wtb6-fkha
5
vulnerability VCID-jj8h-wz8z-xfbq
6
vulnerability VCID-mn3q-6cs1-ukcq
7
vulnerability VCID-nrht-tzzq-eqhs
8
vulnerability VCID-wqeh-3r7d-7ffz
9
vulnerability VCID-wqm7-m41f-pqfm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3
aliases CVE-2011-3870, GHSA-qh3g-27jf-3j54
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxht-cd83-7qb9
Fixing_vulnerabilities
0
url VCID-982t-up4e-t7eg
vulnerability_id VCID-982t-up4e-t7eg
summary
Improper Link Resolution Before File Access ('Link Following')
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
1
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-0156
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.0938
published_at 2026-06-05T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09336
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-0156
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=502881
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=502881
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128
10
reference_url https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml
12
reference_url https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-0156
reference_id CVE-2010-0156
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-0156
14
reference_url https://puppet.com/security/cve/cve-2010-0156
reference_id CVE-2010-0156
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2010-0156
15
reference_url https://github.com/advisories/GHSA-vrh7-99jh-3fmm
reference_id GHSA-vrh7-99jh-3fmm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrh7-99jh-3fmm
16
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
17
reference_url https://usn.ubuntu.com/917-1/
reference_id USN-917-1
reference_type
scores
url https://usn.ubuntu.com/917-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9
purl pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-6816-tprb-zqgt
4
vulnerability VCID-7gsz-qxb2-mbe7
5
vulnerability VCID-7wuf-dtva-x7ej
6
vulnerability VCID-86jb-mnzj-e3cy
7
vulnerability VCID-9t7v-tnzt-cqa6
8
vulnerability VCID-b5ns-wtb6-fkha
9
vulnerability VCID-c6dw-92d3-n7c5
10
vulnerability VCID-df8e-jf8b-puec
11
vulnerability VCID-djqs-7e92-wbb7
12
vulnerability VCID-ear8-9pcm-zqfz
13
vulnerability VCID-ej47-hdx8-pbhp
14
vulnerability VCID-fjyu-jwpx-sfe5
15
vulnerability VCID-fwaq-2kzp-2kgc
16
vulnerability VCID-g1nc-3ca8-xkes
17
vulnerability VCID-g5ek-ebw1-ebhf
18
vulnerability VCID-gfnp-y7y2-f7fu
19
vulnerability VCID-jj8h-wz8z-xfbq
20
vulnerability VCID-jrdk-dzhe-z7ff
21
vulnerability VCID-jwz8-kbu1-f3d7
22
vulnerability VCID-khb1-phav-ukf8
23
vulnerability VCID-mn3q-6cs1-ukcq
24
vulnerability VCID-mntc-3nm2-xybw
25
vulnerability VCID-nrht-tzzq-eqhs
26
vulnerability VCID-qhz5-1muw-dqgn
27
vulnerability VCID-ta3j-j5s5-hfba
28
vulnerability VCID-thv1-66q2-uuc9
29
vulnerability VCID-vxdt-q1t7-27hh
30
vulnerability VCID-wmv1-2hjk-8ycf
31
vulnerability VCID-wqeh-3r7d-7ffz
32
vulnerability VCID-wqm7-m41f-pqfm
33
vulnerability VCID-xhmp-nrhy-zfcn
34
vulnerability VCID-xxht-cd83-7qb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze9
aliases CVE-2010-0156, GHSA-vrh7-99jh-3fmm
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-982t-up4e-t7eg
1
url VCID-msp5-ahmq-hbc3
vulnerability_id VCID-msp5-ahmq-hbc3
summary
Puppet does not properly restrict access to node resources
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0528
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.50207
published_at 2026-06-04T12:55:00Z
1
value 0.00265
scoring_system epss
scoring_elements 0.50268
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0528
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528
3
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
4
reference_url https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
6
reference_url http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
reference_id
reference_type
scores
url http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
7
reference_url http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
8
reference_url http://www.openwall.com/lists/oss-security/2011/01/27/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/01/27/6
9
reference_url http://www.openwall.com/lists/oss-security/2011/01/31/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/01/31/5
10
reference_url http://www.ubuntu.com/usn/USN-1365-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1365-1
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0528
reference_id CVE-2011-0528
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0528
12
reference_url https://github.com/advisories/GHSA-9pvx-fwwh-w289
reference_id GHSA-9pvx-fwwh-w289
reference_type
scores
url https://github.com/advisories/GHSA-9pvx-fwwh-w289
13
reference_url https://usn.ubuntu.com/1365-1/
reference_id USN-1365-1
reference_type
scores
url https://usn.ubuntu.com/1365-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9
purl pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-6816-tprb-zqgt
4
vulnerability VCID-7gsz-qxb2-mbe7
5
vulnerability VCID-7wuf-dtva-x7ej
6
vulnerability VCID-86jb-mnzj-e3cy
7
vulnerability VCID-9t7v-tnzt-cqa6
8
vulnerability VCID-b5ns-wtb6-fkha
9
vulnerability VCID-c6dw-92d3-n7c5
10
vulnerability VCID-df8e-jf8b-puec
11
vulnerability VCID-djqs-7e92-wbb7
12
vulnerability VCID-ear8-9pcm-zqfz
13
vulnerability VCID-ej47-hdx8-pbhp
14
vulnerability VCID-fjyu-jwpx-sfe5
15
vulnerability VCID-fwaq-2kzp-2kgc
16
vulnerability VCID-g1nc-3ca8-xkes
17
vulnerability VCID-g5ek-ebw1-ebhf
18
vulnerability VCID-gfnp-y7y2-f7fu
19
vulnerability VCID-jj8h-wz8z-xfbq
20
vulnerability VCID-jrdk-dzhe-z7ff
21
vulnerability VCID-jwz8-kbu1-f3d7
22
vulnerability VCID-khb1-phav-ukf8
23
vulnerability VCID-mn3q-6cs1-ukcq
24
vulnerability VCID-mntc-3nm2-xybw
25
vulnerability VCID-nrht-tzzq-eqhs
26
vulnerability VCID-qhz5-1muw-dqgn
27
vulnerability VCID-ta3j-j5s5-hfba
28
vulnerability VCID-thv1-66q2-uuc9
29
vulnerability VCID-vxdt-q1t7-27hh
30
vulnerability VCID-wmv1-2hjk-8ycf
31
vulnerability VCID-wqeh-3r7d-7ffz
32
vulnerability VCID-wqm7-m41f-pqfm
33
vulnerability VCID-xhmp-nrhy-zfcn
34
vulnerability VCID-xxht-cd83-7qb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze9
aliases CVE-2011-0528, GHSA-9pvx-fwwh-w289
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msp5-ahmq-hbc3
2
url VCID-wpqq-eg3b-3kcc
vulnerability_id VCID-wpqq-eg3b-3kcc
summary puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3564.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3564.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3564
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.17011
published_at 2026-06-04T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.17087
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3564
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3564
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3564
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=475201
reference_id 475201
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=475201
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551073
reference_id 551073
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551073
5
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
6
reference_url https://usn.ubuntu.com/917-1/
reference_id USN-917-1
reference_type
scores
url https://usn.ubuntu.com/917-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9
purl pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n9j-3ymz-dub5
1
vulnerability VCID-38dv-ps67-r7f7
2
vulnerability VCID-3xtf-acbg-nqhe
3
vulnerability VCID-6816-tprb-zqgt
4
vulnerability VCID-7gsz-qxb2-mbe7
5
vulnerability VCID-7wuf-dtva-x7ej
6
vulnerability VCID-86jb-mnzj-e3cy
7
vulnerability VCID-9t7v-tnzt-cqa6
8
vulnerability VCID-b5ns-wtb6-fkha
9
vulnerability VCID-c6dw-92d3-n7c5
10
vulnerability VCID-df8e-jf8b-puec
11
vulnerability VCID-djqs-7e92-wbb7
12
vulnerability VCID-ear8-9pcm-zqfz
13
vulnerability VCID-ej47-hdx8-pbhp
14
vulnerability VCID-fjyu-jwpx-sfe5
15
vulnerability VCID-fwaq-2kzp-2kgc
16
vulnerability VCID-g1nc-3ca8-xkes
17
vulnerability VCID-g5ek-ebw1-ebhf
18
vulnerability VCID-gfnp-y7y2-f7fu
19
vulnerability VCID-jj8h-wz8z-xfbq
20
vulnerability VCID-jrdk-dzhe-z7ff
21
vulnerability VCID-jwz8-kbu1-f3d7
22
vulnerability VCID-khb1-phav-ukf8
23
vulnerability VCID-mn3q-6cs1-ukcq
24
vulnerability VCID-mntc-3nm2-xybw
25
vulnerability VCID-nrht-tzzq-eqhs
26
vulnerability VCID-qhz5-1muw-dqgn
27
vulnerability VCID-ta3j-j5s5-hfba
28
vulnerability VCID-thv1-66q2-uuc9
29
vulnerability VCID-vxdt-q1t7-27hh
30
vulnerability VCID-wmv1-2hjk-8ycf
31
vulnerability VCID-wqeh-3r7d-7ffz
32
vulnerability VCID-wqm7-m41f-pqfm
33
vulnerability VCID-xhmp-nrhy-zfcn
34
vulnerability VCID-xxht-cd83-7qb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze9
aliases CVE-2009-3564
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wpqq-eg3b-3kcc
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze9