Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8bv3-zak5-p7er
Vulnerability ID VCID-8bv3-zak5-p7er
Aliases CVE-2012-1989
GHSA-c5qq-g673-5p49
Summary Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-377 Insecure Temporary File
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual LOW http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
generic_textual LOW http://projects.puppetlabs.com/issues/13606
generic_textual LOW http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
generic_textual LOW http://puppetlabs.com/security/cve/cve-2012-1989
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2012-1989
generic_textual LOW https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
cvssv3.1_qr LOW https://github.com/advisories/GHSA-c5qq-g673-5p49
generic_textual LOW https://github.com/puppetlabs/puppet
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
generic_textual LOW https://hermes.opensuse.org/messages/15087408
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2012-1989
generic_textual LOW https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
generic_textual LOW https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
generic_textual LOW http://ubuntu.com/usn/usn-1419-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
http://projects.puppetlabs.com/issues/13606
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
http://puppetlabs.com/security/cve/cve-2012-1989
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json
https://api.first.org/data/v1/epss?cve=CVE-2012-1989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989
http://secunia.com/advisories/48743
http://secunia.com/advisories/48748
http://secunia.com/advisories/49136
https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
https://github.com/puppetlabs/puppet
https://hermes.opensuse.org/messages/15087408
https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
http://ubuntu.com/usn/usn-1419-1
http://www.securityfocus.com/bid/52975
837339 https://bugzilla.redhat.com/show_bug.cgi?id=837339
CVE-2012-1989 http://puppetlabs.com/security/cve/cve-2012-1989/
CVE-2012-1989 https://nvd.nist.gov/vuln/detail/CVE-2012-1989
CVE-2012-1989-ARBITRARY-FILE-WRITE-ACCESS https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
CVE-2012-1989.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
GHSA-c5qq-g673-5p49 https://github.com/advisories/GHSA-c5qq-g673-5p49
GLSA-201208-02 https://security.gentoo.org/glsa/201208-02
USN-1419-1 https://usn.ubuntu.com/1419-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.18536
EPSS Score 0.00058
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:54:59.817841+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201208-02 38.6.0