Vulnerability details: VCID-2jc8-n1j4-m7c6
Vulnerability ID VCID-2jc8-n1j4-m7c6
Aliases CVE-2012-1053
GHSA-77hg-g8cc-5r37
Summary Puppet Privilege Escalation: The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2012-1053
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-77hg-g8cc-5r37
generic_textual MODERATE https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-1053
generic_textual MODERATE https://ubuntu.com/usn/usn-1372-1
generic_textual MODERATE https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053
generic_textual MODERATE https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458
generic_textual MODERATE https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457
generic_textual MODERATE https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459
generic_textual MODERATE https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158
generic_textual MODERATE https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
generic_textual MODERATE https://www.debian.org/security/2012/dsa-2419
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json
https://api.first.org/data/v1/epss?cve=CVE-2012-1053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053
https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36
https://hermes.opensuse.org/messages/15087408
https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
https://ubuntu.com/usn/usn-1372-1
https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053
https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458
https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457
https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459
https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158
https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
https://www.debian.org/security/2012/dsa-2419
791001 https://bugzilla.redhat.com/show_bug.cgi?id=791001
CVE-2012-1053 https://nvd.nist.gov/vuln/detail/CVE-2012-1053
CVE-2012-1053 https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/
GHSA-77hg-g8cc-5r37 https://github.com/advisories/GHSA-77hg-g8cc-5r37
GLSA-201203-03 https://security.gentoo.org/glsa/201203-03
USN-1372-1 https://usn.ubuntu.com/1372-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.13389
EPSS Score 0.00044
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:40.155136+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/puppet/CVE-2012-1053.yml 38.0.0