Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2274

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2013-2274
Last Modified 12 Apr 2013 10:59:38
Published 20 Mar 2013 12:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-2274

Summary

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

Vulnerable Systems

Application

  • Puppetlabs Puppet 1.2

  • Puppetlabs Puppet 2.6.0

  • Puppetlabs Puppet 2.6.1

  • Puppetlabs Puppet 2.6.10

  • Puppetlabs Puppet 2.6.11

  • Puppetlabs Puppet 2.6.12

  • Puppetlabs Puppet 2.6.13

  • Puppetlabs Puppet 2.6.14

  • Puppetlabs Puppet 2.6.15

  • Puppetlabs Puppet 2.6.16

  • Puppetlabs Puppet 2.6.17

  • Puppetlabs Puppet 2.6.2

  • Puppetlabs Puppet 2.6.3

  • Puppetlabs Puppet 2.6.4

  • Puppetlabs Puppet 2.6.5

  • Puppetlabs Puppet 2.6.6

  • Puppetlabs Puppet 2.6.7

  • Puppetlabs Puppet 2.6.8

  • Puppetlabs Puppet 2.6.9


References

CONFIRM - https://puppetlabs.com/security/cve/cve-2013-2274/

BID - 58447

DEBIAN - DSA-2643

SECUNIA - 52596

SUSE - openSUSE-SU-2013:0641

SUSE - SUSE-SU-2013:0618

REDHAT - RHSA-2013:0710


Last Updated: 27 May 2016 11:02:06