All the vulnerabilites related to puppet - puppet_dashboard
cve-2012-0891
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://puppetlabs.com/security/cve/cve-2012-0891 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2012-0891",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0891",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2012-01-20T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:35
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://puppetlabs.com/security/cve/cve-2012-0891 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://puppetlabs.com/security/cve/cve-2012-0891 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| puppet | puppet_dashboard | 1.0.0 | |
| puppet | puppet_dashboard | 1.0.3 | |
| puppet | puppet_dashboard | 1.0.4 | |
| puppet | puppet_dashboard | 1.1.0 | |
| puppet | puppet_dashboard | 1.1.1 | |
| puppet | puppet_dashboard | 1.2.0 | |
| puppet | puppet_dashboard | 1.2.1 | |
| puppet | puppet_dashboard | 1.2.2 | |
| puppet | puppet_dashboard | 1.2.3 | |
| puppet | puppet_dashboard | 1.2.4 | |
| puppet | puppet_enterprise | 1.0 | |
| puppet | puppet_enterprise | 1.1 | |
| puppet | puppet_enterprise | 1.2.0 | |
| puppet | puppet_enterprise | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68EBEE5C-A39B-4F8E-A005-11327D639C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E85933FC-0433-45FB-A7D6-E3298B947E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE296ACD-1869-45E5-88AB-DEFB47C55989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6036A3DB-95E6-4EF9-B45F-C483D0D6D4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6FA405-C453-4008-9DFC-A46AFA5C6D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B6A088-F3D5-44B5-9469-CBAE8715B13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6016EF1-335F-4042-ACFD-9B518217D448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73176F23-F996-454F-9123-96FC9392C1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86584240-8AB6-4ABC-94BB-037D37A74AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F17DBFE-D13E-4AF0-9F93-918BE2BE649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "926CFE0B-57A0-42EE-8B84-5C53C94F552E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54836761-86C0-4240-8A43-D6DECC2BBBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A584D14-197E-47EB-B394-B8B211D4B502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFA5742-38F2-43BD-9C90-E4F447F55684",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Puppet Dashboard 1.0 anterior a 1.2.5 y Enterprise 1.0 anterior a 1.2.5 y 2.x anterior a 2.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de campos no especificados."
}
],
"id": "CVE-2012-0891",
"lastModified": "2024-11-21T01:35:54.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T16:55:04.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}