ID CVE-2013-1654
Summary Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, do not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.
Per http://www.ubuntu.com/usn/usn-1759-1/: "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10"
Vulnerable Configurations
  • cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-07-2019 - 17:47)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2013:0710
rpms
  • puppet-0:2.6.18-1.el6ost
  • puppet-server-0:2.6.18-1.el6ost
refmap via4
bid 64758
confirm https://puppetlabs.com/security/cve/cve-2013-1654/
debian DSA-2643
secunia 52596
suse
  • SUSE-SU-2013:0618
  • openSUSE-SU-2013:0641
ubuntu USN-1759-1
Last major update 10-07-2019 - 17:47
Published 20-03-2013 - 16:55
Last modified 10-07-2019 - 17:47