1. CVE-Search
  2. CVE-2013-2275
ID CVE-2013-2275
Summary The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors. Per http://www.ubuntu.com/usn/usn-1759-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10"
References
Vulnerable Configurations
  • cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:0.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:0.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:0.25.1:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:0.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:0.25.2:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:0.25.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:0.25.3:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:0.25.3:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:0.25.4:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:0.25.4:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:0.25.5:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:0.25.5:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:0.25.6:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:0.25.6:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.0:-:enterprise:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:1.0:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.1:-:enterprise:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:1.1:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:1.2:-:enterprise:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:1.2:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.0.0:-:enterprise:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.0.0:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.0.1:-:enterprise:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.0.1:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.0.2:-:enterprise:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.0.2:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.0.3:-:enterprise:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.0.3:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.5.1:-:enterprise:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.5.1:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.5.2:-:enterprise:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.5.2:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.6.16:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
    cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*
    cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 10-07-2019 - 18:02)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2013:0710
rpms
  • puppet-0:2.6.18-1.el6ost
  • puppet-server-0:2.6.18-1.el6ost
refmap via4
bid 58449
confirm https://puppetlabs.com/security/cve/cve-2013-2275/
debian DSA-2643
secunia 52596
suse
  • SUSE-SU-2013:0618
  • openSUSE-SU-2013:0641
ubuntu USN-1759-1
Last major update 10-07-2019 - 18:02
Published 20-03-2013 - 16:55
Last modified 10-07-2019 - 18:02
Back to Top