Unrated severityNVD Advisory· Published May 29, 2012· Updated Jun 16, 2026
CVE-2012-1986
CVE-2012-1986
Description
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
40cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*+ 27 more
- cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
- (no CPE)range: >=2.6.0,<2.6.15 | >=2.7.0,<2.7.13
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.0:*:*:*:*:*:*:*
- (no CPE)range: >=1.0,<2.5.1
Patches
Vulnerability mechanics
References
16- puppetlabs.com/security/cve/cve-2012-1986/nvdVendor Advisory
- secunia.com/advisories/48743nvdVendor Advisory
- secunia.com/advisories/48748nvdVendor Advisory
- secunia.com/advisories/48789nvdVendor Advisory
- secunia.com/advisories/49136nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.htmlnvd
- projects.puppetlabs.com/issues/13511nvd
- projects.puppetlabs.com/projects/1/wiki/Release_Notesnvd
- ubuntu.com/usn/usn-1419-1nvd
- www.debian.org/security/2012/dsa-2451nvd
- www.securityfocus.com/bid/52975nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/74794nvd
- hermes.opensuse.org/messages/14523305nvd
- hermes.opensuse.org/messages/15087408nvd
News mentions
0No linked articles in our index yet.