VulnerableCode Vulnerability Details - VCID-cs6u-96e9-a3hq

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-cs6u-96e9-a3hq

Essentials
Severities (12)
References (16)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-cs6u-96e9-a3hq
Aliases	CVE-2012-3866 GHSA-8jxj-9r5f-w3m2
Summary	Puppet allows local users to obtain sensitive configuration information `lib/puppet/defaults.rb` in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for `last_run_report.yaml`, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	LOW	http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
generic_textual	LOW	http://puppetlabs.com/security/cve/cve-2012-3866
epss	0.0005	https://api.first.org/data/v1/epss?cve=CVE-2012-3866
generic_textual	LOW	https://bugzilla.redhat.com/show_bug.cgi?id=839135
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-8jxj-9r5f-w3m2
generic_textual	LOW	https://github.com/puppetlabs/puppet
generic_textual	LOW	https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f
generic_textual	LOW	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2012-3866
generic_textual	LOW	https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable
generic_textual	LOW	http://www.debian.org/security/2012/dsa-2511
generic_textual	LOW	http://www.ubuntu.com/usn/USN-1506-1

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
		http://puppetlabs.com/security/cve/cve-2012-3866
		https://api.first.org/data/v1/epss?cve=CVE-2012-3866
		https://bugzilla.redhat.com/show_bug.cgi?id=839135
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866
		http://secunia.com/advisories/50014
		https://github.com/puppetlabs/puppet
		https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml
		https://nvd.nist.gov/vuln/detail/CVE-2012-3866
		https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable
		http://www.debian.org/security/2012/dsa-2511
		http://www.ubuntu.com/usn/USN-1506-1
CVE-2012-3866		http://puppetlabs.com/security/cve/cve-2012-3866/
GHSA-8jxj-9r5f-w3m2		https://github.com/advisories/GHSA-8jxj-9r5f-w3m2
USN-1506-1		https://usn.ubuntu.com/1506-1/

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.16089
EPSS Score	0.0005
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:57:16.172742+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-8jxj-9r5f-w3m2/GHSA-8jxj-9r5f-w3m2.json	38.6.0