Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-4xud-gypp-4kcb
Vulnerability ID VCID-4xud-gypp-4kcb
Aliases CVE-2012-1989
GHSA-c5qq-g673-5p49
Summary Puppet allows local users to overwrite arbitrary files via a symlink attack `telnet.rb` in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (`/tmp/out.log`).
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-377 Insecure Temporary File
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual LOW http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
generic_textual LOW http://projects.puppetlabs.com/issues/13606
generic_textual LOW http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
generic_textual LOW http://puppetlabs.com/security/cve/cve-2012-1989
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2012-1989
generic_textual LOW https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
cvssv3.1_qr LOW https://github.com/advisories/GHSA-c5qq-g673-5p49
generic_textual LOW https://github.com/puppetlabs/puppet
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
generic_textual LOW https://hermes.opensuse.org/messages/15087408
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2012-1989
generic_textual LOW https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
generic_textual LOW https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
generic_textual LOW http://ubuntu.com/usn/usn-1419-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
http://projects.puppetlabs.com/issues/13606
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
http://puppetlabs.com/security/cve/cve-2012-1989
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json
https://api.first.org/data/v1/epss?cve=CVE-2012-1989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989
http://secunia.com/advisories/48743
http://secunia.com/advisories/48748
http://secunia.com/advisories/49136
https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
https://github.com/puppetlabs/puppet
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
https://hermes.opensuse.org/messages/15087408
https://nvd.nist.gov/vuln/detail/CVE-2012-1989
https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
http://ubuntu.com/usn/usn-1419-1
http://www.securityfocus.com/bid/52975
837339 https://bugzilla.redhat.com/show_bug.cgi?id=837339
CVE-2012-1989 http://puppetlabs.com/security/cve/cve-2012-1989/
GHSA-c5qq-g673-5p49 https://github.com/advisories/GHSA-c5qq-g673-5p49
GLSA-201208-02 https://security.gentoo.org/glsa/201208-02
USN-1419-1 https://usn.ubuntu.com/1419-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.18482
EPSS Score 0.00058
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:57:09.169696+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-c5qq-g673-5p49/GHSA-c5qq-g673-5p49.json 38.6.0