Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-b62r-1nyr-93fp
Vulnerability ID VCID-b62r-1nyr-93fp
Aliases CVE-2010-0156
GHSA-vrh7-99jh-3fmm
Summary Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges.
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual LOW http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
generic_textual LOW http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
generic_textual LOW http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html
generic_textual LOW http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html
generic_textual LOW http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2010-0156
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2010-0156
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2010-0156
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2010-0156
generic_textual LOW https://bugzilla.redhat.com/show_bug.cgi?id=502881
cvssv3.1_qr LOW https://github.com/advisories/GHSA-vrh7-99jh-3fmm
generic_textual LOW https://github.com/puppetlabs/puppet
generic_textual LOW https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128
generic_textual LOW https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2010-0156
generic_textual LOW https://puppet.com/security/cve/cve-2010-0156
generic_textual LOW https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766
Reference id Reference type URL
http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html
https://api.first.org/data/v1/epss?cve=CVE-2010-0156
https://bugzilla.redhat.com/show_bug.cgi?id=502881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156
https://github.com/puppetlabs/puppet
https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128
https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d
https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766
CVE-2010-0156 https://nvd.nist.gov/vuln/detail/CVE-2010-0156
CVE-2010-0156 https://puppet.com/security/cve/cve-2010-0156
CVE-2010-0156.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml
GHSA-vrh7-99jh-3fmm https://github.com/advisories/GHSA-vrh7-99jh-3fmm
GLSA-201203-03 https://security.gentoo.org/glsa/201203-03
USN-917-1 https://usn.ubuntu.com/917-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.09441
EPSS Score 0.00031
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:58:02.225367+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201203-03 38.6.0