Vulnerabilites related to puppet - puppet_dashboard
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://puppetlabs.com/security/cve/cve-2012-0891 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://puppetlabs.com/security/cve/cve-2012-0891 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| puppet | puppet_dashboard | 1.0.0 | |
| puppet | puppet_dashboard | 1.0.3 | |
| puppet | puppet_dashboard | 1.0.4 | |
| puppet | puppet_dashboard | 1.1.0 | |
| puppet | puppet_dashboard | 1.1.1 | |
| puppet | puppet_dashboard | 1.2.0 | |
| puppet | puppet_dashboard | 1.2.1 | |
| puppet | puppet_dashboard | 1.2.2 | |
| puppet | puppet_dashboard | 1.2.3 | |
| puppet | puppet_dashboard | 1.2.4 | |
| puppet | puppet_enterprise | 1.0 | |
| puppet | puppet_enterprise | 1.1 | |
| puppet | puppet_enterprise | 1.2.0 | |
| puppet | puppet_enterprise | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68EBEE5C-A39B-4F8E-A005-11327D639C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E85933FC-0433-45FB-A7D6-E3298B947E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE296ACD-1869-45E5-88AB-DEFB47C55989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6036A3DB-95E6-4EF9-B45F-C483D0D6D4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6FA405-C453-4008-9DFC-A46AFA5C6D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B6A088-F3D5-44B5-9469-CBAE8715B13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6016EF1-335F-4042-ACFD-9B518217D448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73176F23-F996-454F-9123-96FC9392C1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86584240-8AB6-4ABC-94BB-037D37A74AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F17DBFE-D13E-4AF0-9F93-918BE2BE649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "926CFE0B-57A0-42EE-8B84-5C53C94F552E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54836761-86C0-4240-8A43-D6DECC2BBBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A584D14-197E-47EB-B394-B8B211D4B502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFA5742-38F2-43BD-9C90-E4F447F55684",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Puppet Dashboard 1.0 anterior a 1.2.5 y Enterprise 1.0 anterior a 1.2.5 y 2.x anterior a 2.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de campos no especificados."
}
],
"id": "CVE-2012-0891",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T16:55:04.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-0891 (GCVE-0-2012-0891)
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2012-0891",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0891",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2012-01-20T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}