Low severityNVD Advisory· Published Jun 27, 2012· Updated Apr 29, 2026
CVE-2012-1989
CVE-2012-1989
Description
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
puppetRubyGems | >= 2.7.1, < 2.7.13 | 2.7.13 |
Affected products
20cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- puppetlabs.com/security/cve/cve-2012-1989/nvdVendor Advisory
- secunia.com/advisories/48743nvdVendor Advisory
- secunia.com/advisories/48748nvdVendor Advisory
- secunia.com/advisories/49136nvdVendor Advisory
- github.com/advisories/GHSA-c5qq-g673-5p49ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-1989ghsaADVISORY
- lists.opensuse.org/opensuse-updates/2012-05/msg00012.htmlnvdWEB
- projects.puppetlabs.com/issues/13606nvdWEB
- projects.puppetlabs.com/projects/1/wiki/Release_NotesnvdWEB
- puppetlabs.com/security/cve/cve-2012-1989ghsaWEB
- ubuntu.com/usn/usn-1419-1nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/74797nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.ymlghsaWEB
- hermes.opensuse.org/messages/15087408nvdWEB
- web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975ghsaWEB
- www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-accessghsaWEB
- www.securityfocus.com/bid/52975nvd
News mentions
0No linked articles in our index yet.