ID CVE-2013-1653
Summary Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request. Per http://www.ubuntu.com/usn/usn-1759-1/: "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10"
References
Vulnerable Configurations
  • cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.17:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.2.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.2.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.2.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.2.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.2.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.2.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.2.6:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 10-07-2019 - 18:02)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: SINGLE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:H/Au:S/C:C/I:C/A:C
refmap via4
bid 58446
confirm https://puppetlabs.com/security/cve/cve-2013-1653/
debian DSA-2643
secunia 52596
suse
  • SUSE-SU-2013:0618
  • openSUSE-SU-2013:0641
ubuntu USN-1759-1
Last major update 10-07-2019 - 18:02
Published 20-03-2013 - 16:55
Last modified 10-07-2019 - 18:02