{"url":"http://public2.vulnerablecode.io/api/packages/77182?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.11","type":"ebuild","namespace":"app-admin","name":"puppet","version":"2.7.11","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.7.13","latest_non_vulnerable_version":"2.7.23","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15833?format=json","vulnerability_id":"VCID-2jc8-n1j4-m7c6","summary":"Puppet Privilege Escallation\nThe change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1053","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13476","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13372","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13279","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13357","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13362","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13335","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13231","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13132","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13288","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13371","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13365","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13396","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13389","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13489","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13551","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13348","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1343","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13453","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13418","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/73445","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/73445"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html"},{"reference_url":"https://ubuntu.com/usn/usn-1372-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/usn/usn-1372-1"},{"reference_url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053"},{"reference_url":"https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458"},{"reference_url":"https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457"},{"reference_url":"https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459"},{"reference_url":"https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158"},{"reference_url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14"},{"reference_url":"https://www.debian.org/security/2012/dsa-2419","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2012/dsa-2419"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=791001","reference_id":"791001","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=791001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1053","reference_id":"CVE-2012-1053","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1053"},{"reference_url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/","reference_id":"CVE-2012-1053","reference_type":"","scores":[],"url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/"},{"reference_url":"https://github.com/advisories/GHSA-77hg-g8cc-5r37","reference_id":"GHSA-77hg-g8cc-5r37","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77hg-g8cc-5r37"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1372-1/","reference_id":"USN-1372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1372-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77182?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.11"}],"aliases":["CVE-2012-1053","GHSA-77hg-g8cc-5r37"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jc8-n1j4-m7c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47723?format=json","vulnerability_id":"VCID-72s2-y7m6-kuf6","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which might allow local attackers to gain escalated privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1054.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1054.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1054","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21599","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21826","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21579","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21713","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21724","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21685","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21628","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21627","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21634","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21602","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21454","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21448","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21436","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21341","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21409","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21494","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21472","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21492","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21564","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21585","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=791002","reference_id":"791002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=791002"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1372-1/","reference_id":"USN-1372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1372-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77182?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.11"}],"aliases":["CVE-2012-1054"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72s2-y7m6-kuf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15788?format=json","vulnerability_id":"VCID-a7cn-eqbq-qyb1","summary":"Puppet uses predictable filenames, allowing arbitrary file overwrite\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.","references":[{"reference_url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3871","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13025","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12915","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12939","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12907","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12801","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12711","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1286","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12931","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1292","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12946","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1302","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12958","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1305","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13102","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12904","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12983","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13035","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12996","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12814","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12817","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml"},{"reference_url":"http://www.debian.org/security/2011/dsa-2314","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2314"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=742649","reference_id":"742649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=742649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3871","reference_id":"CVE-2011-3871","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3871"},{"reference_url":"https://puppet.com/security/cve/cve-2011-3871","reference_id":"CVE-2011-3871","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2011-3871"},{"reference_url":"https://github.com/advisories/GHSA-mpmx-gm5v-q789","reference_id":"GHSA-mpmx-gm5v-q789","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpmx-gm5v-q789"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1223-1/","reference_id":"USN-1223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77182?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.11"}],"aliases":["CVE-2011-3871","GHSA-mpmx-gm5v-q789"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cn-eqbq-qyb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47720?format=json","vulnerability_id":"VCID-absc-ndrs-yqep","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which might allow local attackers to gain escalated privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3564.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3564.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3564","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16703","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16872","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16929","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16712","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16853","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1683","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16786","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16727","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16664","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16671","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16613","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16603","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16568","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16434","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16553","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16658","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16623","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16659","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16742","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1674","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3564"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3564","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3564"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=475201","reference_id":"475201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=475201"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551073","reference_id":"551073","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551073"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/917-1/","reference_id":"USN-917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/917-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77182?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.11"}],"aliases":["CVE-2009-3564"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-absc-ndrs-yqep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47721?format=json","vulnerability_id":"VCID-fdk4-8wtn-nqct","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which might allow local attackers to gain escalated privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3848.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3848.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3848","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62653","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62711","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62742","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62706","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62758","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62775","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62793","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62783","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6276","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62801","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62808","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62789","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62809","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62826","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62824","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62777","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62877","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62836","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62862","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62917","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62928","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3848"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3848"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=742174","reference_id":"742174","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=742174"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1217-1/","reference_id":"USN-1217-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1217-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77182?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.11"}],"aliases":["CVE-2011-3848"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fdk4-8wtn-nqct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15709?format=json","vulnerability_id":"VCID-jhkk-5euf-uked","summary":"Improper Link Resolution Before File Access ('Link Following')\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.","references":[{"reference_url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3869","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12867","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12678","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1278","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.128","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12764","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12656","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12563","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12698","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12763","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12789","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1286","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12803","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12901","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12754","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12834","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12885","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12813","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12768","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12671","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml"},{"reference_url":"http://www.debian.org/security/2011/dsa-2314","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2314"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=742645","reference_id":"742645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=742645"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3869","reference_id":"CVE-2011-3869","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3869"},{"reference_url":"https://puppet.com/security/cve/cve-2011-3869","reference_id":"CVE-2011-3869","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2011-3869"},{"reference_url":"https://github.com/advisories/GHSA-8c56-v25w-f89c","reference_id":"GHSA-8c56-v25w-f89c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c56-v25w-f89c"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1223-1/","reference_id":"USN-1223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77182?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.11"}],"aliases":["CVE-2011-3869","GHSA-8c56-v25w-f89c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15493?format=json","vulnerability_id":"VCID-txx3-3fzg-33cp","summary":"Improper Link Resolution Before File Access ('Link Following')\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.","references":[{"reference_url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3870","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09682","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09345","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09547","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09512","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09472","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09382","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0954","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09611","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09592","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09625","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09688","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09397","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09401","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09451","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09361","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09435","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09483","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09496","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09469","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09452","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09344","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml"},{"reference_url":"http://www.debian.org/security/2011/dsa-2314","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2314"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=742644","reference_id":"742644","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=742644"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3870","reference_id":"CVE-2011-3870","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3870"},{"reference_url":"https://puppet.com/security/cve/cve-2011-3870","reference_id":"CVE-2011-3870","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2011-3870"},{"reference_url":"https://github.com/advisories/GHSA-qh3g-27jf-3j54","reference_id":"GHSA-qh3g-27jf-3j54","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qh3g-27jf-3j54"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1223-1/","reference_id":"USN-1223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77182?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.11"}],"aliases":["CVE-2011-3870","GHSA-qh3g-27jf-3j54"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txx3-3fzg-33cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47722?format=json","vulnerability_id":"VCID-vrzs-81t1-jyax","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which might allow local attackers to gain escalated privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3872.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3872.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3872","reference_id":"","reference_type":"","scores":[{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.85995","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86006","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86023","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86022","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86051","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86065","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86063","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86058","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86081","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86073","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86093","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86102","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86103","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86122","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86144","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86161","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86158","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86171","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.8621","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.8622","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3872"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=748447","reference_id":"748447","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=748447"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1238-1/","reference_id":"USN-1238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77182?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.11"}],"aliases":["CVE-2011-3872"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrzs-81t1-jyax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14212?format=json","vulnerability_id":"VCID-ww8x-tzxr-4qbn","summary":"Improper Link Resolution Before File Access ('Link Following')\nPuppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.","references":[{"reference_url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087"},{"reference_url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0156","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12854","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1277","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1279","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12753","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12645","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12552","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12687","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12756","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12778","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12848","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12785","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12883","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12933","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12736","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12816","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12867","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12833","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12795","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1275","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12653","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1266","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0156"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=502881","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=502881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml"},{"reference_url":"https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0156","reference_id":"CVE-2010-0156","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0156"},{"reference_url":"https://puppet.com/security/cve/cve-2010-0156","reference_id":"CVE-2010-0156","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2010-0156"},{"reference_url":"https://github.com/advisories/GHSA-vrh7-99jh-3fmm","reference_id":"GHSA-vrh7-99jh-3fmm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrh7-99jh-3fmm"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/917-1/","reference_id":"USN-917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/917-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77182?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.11"}],"aliases":["CVE-2010-0156","GHSA-vrh7-99jh-3fmm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww8x-tzxr-4qbn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.11"}