ID CVE-2013-4761
Summary Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
References
Vulnerable Configurations
  • cpe:2.3:a:puppet:puppet:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:3.0.0:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 10-07-2019 - 18:10)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2013:1283
  • rhsa
    id RHSA-2013:1284
rpms
  • facter-0:1.6.6-1.el6_4
  • hiera-0:1.0.0-3.el6_4
  • puppet-0:3.2.4-1.el6_4
  • puppet-server-0:3.2.4-1.el6_4
  • ruby-augeas-0:0.4.1-1.el6_4
  • ruby-augeas-debuginfo-0:0.4.1-1.el6_4
  • ruby-shadow-0:1.4.1-13.el6_4
  • ruby-shadow-debuginfo-0:1.4.1-13.el6_4
  • ruby193-puppet-0:3.1.1-11.1.el6ost
  • ruby193-puppet-server-0:3.1.1-11.1.el6ost
refmap via4
confirm http://puppetlabs.com/security/cve/cve-2013-4761/
debian DSA-2761
suse SUSE-SU-2014:0155
Last major update 10-07-2019 - 18:10
Published 20-08-2013 - 22:55
Last modified 10-07-2019 - 18:10