CVE-2012-5158 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:N/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 37%

Vendor	Product	Version
puppet	puppet_enterprise	𝑥 ≤ 2.6.0
puppet	puppet_enterprise	2.0.0
puppet	puppet_enterprise	2.5.1
puppet	puppet_enterprise	2.5.2
puppetlabs	puppet	2.5.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

puppet

bullseye

5.5.22-2

fixed

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://puppetlabs.com/security/cve/cve-2012-5158

http://puppetlabs.com/security/cve/cve-2012-5158