CVE-2012-6120
puppet - security update
EPSS 0.10%
Description
Red Hat OpenStack Essex and Folsom create the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.
How to fix CVE-2012-6120
To remediate CVE-2012-6120, upgrade the affected package to one of the fixed versions listed below.
- Debian/puppet: upgrade to 2.6.4-2 or later
- Debian/puppet: upgrade to 2.6.2-5+squeeze10 or later
Is CVE-2012-6120 being exploited?
Low: EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.6.4-2
- from 0, < 2.6.2-5+squeeze10