VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-pgg8-9sk2-57ee

Essentials
Severities (22)
References (24)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-pgg8-9sk2-57ee
Aliases	CVE-2012-1989 GHSA-c5qq-g673-5p49
Summary	Low severity vulnerability that affects puppet telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-377	Insecure Temporary File

System	Score	Found at
generic_textual	LOW	http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
generic_textual	LOW	http://projects.puppetlabs.com/issues/13606
generic_textual	LOW	http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
generic_textual	LOW	http://puppetlabs.com/security/cve/cve-2012-1989
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2012-1989
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2012-1989
generic_textual	LOW	https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-c5qq-g673-5p49
generic_textual	LOW	https://github.com/puppetlabs/puppet
generic_textual	LOW	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
generic_textual	LOW	https://hermes.opensuse.org/messages/15087408
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2012-1989
generic_textual	LOW	https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
generic_textual	LOW	https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
generic_textual	LOW	http://ubuntu.com/usn/usn-1419-1

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
		http://projects.puppetlabs.com/issues/13606
		http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
		http://puppetlabs.com/security/cve/cve-2012-1989
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json
		https://api.first.org/data/v1/epss?cve=CVE-2012-1989
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989
		http://secunia.com/advisories/48743
		http://secunia.com/advisories/48748
		http://secunia.com/advisories/49136
		https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
		https://github.com/puppetlabs/puppet
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
		https://hermes.opensuse.org/messages/15087408
		https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
		https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
		http://ubuntu.com/usn/usn-1419-1
		http://www.securityfocus.com/bid/52975
837339		https://bugzilla.redhat.com/show_bug.cgi?id=837339
CVE-2012-1989		http://puppetlabs.com/security/cve/cve-2012-1989/
CVE-2012-1989		https://nvd.nist.gov/vuln/detail/CVE-2012-1989
GHSA-c5qq-g673-5p49		https://github.com/advisories/GHSA-c5qq-g673-5p49
GLSA-201208-02		https://security.gentoo.org/glsa/201208-02
USN-1419-1		https://usn.ubuntu.com/1419-1/

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.18282
EPSS Score	0.00058
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:47:27.457141+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/puppet/CVE-2012-1989.yml	38.0.0