Moderate severity · NVD Advisory · Published May 29, 2012 · Updated Jun 16, 2026

CVE-2012-1053

Description

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package            Affected versions     Patched versions
puppet (RubyGems)  >= 2.6, < 2.6.14      2.6.14
puppet (RubyGems)  >= 2.7, < 2.7.11      2.7.11

Affected products (36)

    • cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.6, < 2.6.14
