6

CVSS Score

Basic Information

CVE ID

CVE-2012-1988

GHSA ID

GHSA-6xxq-j39w-g3f6

EPSS Score

0.64679%

CWE

CWE-77

Published

5/14/2022

Updated

2/6/2024

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2012-1988

CVE-2012-1988: Puppet Arbitrary Command Execution

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.

(GitHub Advisory)

6

CVSS Score

Basic Information

CVE ID

CVE-2012-1988

GHSA ID

GHSA-6xxq-j39w-g3f6

EPSS Score

0.64679%

CWE

CWE-77

Published

5/14/2022

Updated

2/6/2024

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
puppet	rubygems	>= 2.6.0, < 2.6.15	2.6.15
puppet	rubygems	>= 2.7.0, < 2.7.13	2.7.13

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from the 'bucket_path' parameter being passed through in filebucket requests. The fix in commit 0d6d299 explicitly deletes this parameter in the uri2indirection method, indicating it was the injection point. The function's failure to remove this parameter allowed attackers to control the file path used in shell commands, leading to arbitrary command execution via path manipulation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Pupp*t *.*.x ***or* *.*.** *n* *.*.x ***or* *.*.**, *n* Pupp*t *nt*rpris* (P*) Us*rs *.*, *.*, *.*.x, *.*.x, *n* *.*.x ***or* *.*.* *llows r*mot* *ut**nti**t** us*rs wit* ***nt SSL k*ys *n* *il*-*r**tion p*rmissions on t** pupp*t m*st*r to *x**ut* *r

Reasoning

T** vuln*r**ility st*mm** *rom t** '*u*k*t_p*t*' p*r*m*t*r **in* p*ss** t*rou** in *il**u*k*t r*qu*sts. T** *ix in *ommit ******* *xpli*itly **l*t*s t*is p*r*m*t*r in t** `uri*in*ir**tion` m*t*o*, in*i**tin* it w*s t** inj**tion point. T** `*un*tion`

6

Basic Information

Concerned about an active attack path?

CVE-2012-1988: Puppet Arbitrary Command Execution

6

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI