1. CVE-Search
  2. CVE-2013-2274
ID CVE-2013-2274
Summary Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
References
Vulnerable Configurations
  • cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 10-07-2019 - 18:02)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2013:0710
rpms
  • puppet-0:2.6.18-1.el6ost
  • puppet-server-0:2.6.18-1.el6ost
refmap via4
bid 58447
confirm https://puppetlabs.com/security/cve/cve-2013-2274/
debian DSA-2643
secunia 52596
suse
  • SUSE-SU-2013:0618
  • openSUSE-SU-2013:0641
Last major update 10-07-2019 - 18:02
Published 20-03-2013 - 16:55
Last modified 10-07-2019 - 18:02
Back to Top