CVE-2012-0891 - Vulnerability Details

Vendors	Products
Puppet	Puppet Dashboard Puppet Enterprise

Link	Providers
http://puppetlabs.com/security/cve/cve-2012-0891

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-14T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://puppetlabs.com/security/cve/cve-2012-0891"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0891", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://puppetlabs.com/security/cve/cve-2012-0891", "refsource": "CONFIRM", "url": "http://puppetlabs.com/security/cve/cve-2012-0891"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:38:15.060Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://puppetlabs.com/security/cve/cve-2012-0891"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0891", "datePublished": "2014-03-14T16:00:00", "dateReserved": "2012-01-20T00:00:00", "dateUpdated": "2024-08-06T18:38:15.060Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2012-01-23T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2014-03-14T15:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://puppetlabs.com/security/cve/cve-2012-0891 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2012-0891 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://puppetlabs.com/security/cve/cve-2012-0891 (string)

refsource : CONFIRM (string)

url : http://puppetlabs.com/security/cve/cve-2012-0891 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T18:38:15.060Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://puppetlabs.com/security/cve/cve-2012-0891 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2012-0891 (string)

datePublished : 2014-03-14T16:00:00 (string)

dateReserved : 2012-01-20T00:00:00 (string)

dateUpdated : 2024-08-06T18:38:15.060Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "68EBEE5C-A39B-4F8E-A005-11327D639C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E85933FC-0433-45FB-A7D6-E3298B947E0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE296ACD-1869-45E5-88AB-DEFB47C55989", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6036A3DB-95E6-4EF9-B45F-C483D0D6D4B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B6FA405-C453-4008-9DFC-A46AFA5C6D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B6A088-F3D5-44B5-9469-CBAE8715B13A", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6016EF1-335F-4042-ACFD-9B518217D448", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "73176F23-F996-454F-9123-96FC9392C1EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "86584240-8AB6-4ABC-94BB-037D37A74AA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F17DBFE-D13E-4AF0-9F93-918BE2BE649F", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "926CFE0B-57A0-42EE-8B84-5C53C94F552E", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "54836761-86C0-4240-8A43-D6DECC2BBBDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A584D14-197E-47EB-B394-B8B211D4B502", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCFA5742-38F2-43BD-9C90-E4F447F55684", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Puppet Dashboard 1.0 anterior a 1.2.5 y Enterprise 1.0 anterior a 1.2.5 y 2.x anterior a 2.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de campos no especificados."}], "id": "CVE-2012-0891", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-03-14T16:55:04.567", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2012-0891"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2012-0891"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:puppet:puppet_dashboard:1.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 68EBEE5C-A39B-4F8E-A005-11327D639C64 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:puppet:puppet_dashboard:1.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : E85933FC-0433-45FB-A7D6-E3298B947E0D (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:puppet:puppet_dashboard:1.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : BE296ACD-1869-45E5-88AB-DEFB47C55989 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:puppet:puppet_dashboard:1.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6036A3DB-95E6-4EF9-B45F-C483D0D6D4B4 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:puppet:puppet_dashboard:1.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 5B6FA405-C453-4008-9DFC-A46AFA5C6D7F (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:puppet:puppet_dashboard:1.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 62B6A088-F3D5-44B5-9469-CBAE8715B13A (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:puppet:puppet_dashboard:1.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : B6016EF1-335F-4042-ACFD-9B518217D448 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:puppet:puppet_dashboard:1.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 73176F23-F996-454F-9123-96FC9392C1EE (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:puppet:puppet_dashboard:1.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 86584240-8AB6-4ABC-94BB-037D37A74AA6 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:puppet:puppet_dashboard:1.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 8F17DBFE-D13E-4AF0-9F93-918BE2BE649F (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 926CFE0B-57A0-42EE-8B84-5C53C94F552E (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 54836761-86C0-4240-8A43-D6DECC2BBBDA (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A584D14-197E-47EB-B394-B8B211D4B502 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : CCFA5742-38F2-43BD-9C90-E4F447F55684 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. (string)

}

1 : { »

lang : es (string)

value : Múltiples vulnerabilidades de XSS en Puppet Dashboard 1.0 anterior a 1.2.5 y Enterprise 1.0 anterior a 1.2.5 y 2.x anterior a 2.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de campos no especificados. (string)

}

]

id : CVE-2012-0891 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2014-03-14T16:55:04.567 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://puppetlabs.com/security/cve/cve-2012-0891 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://puppetlabs.com/security/cve/cve-2012-0891 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object