CVE-2013-1640
published 2013-03-20CVE-2013-1640: The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet…
critical9CVSS 3.1
AVNACLAuSCCICAC
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | puppet | < puppet 2.7.18-3 (bullseye) | puppet 2.7.18-3 (bullseye) |
| puppet | puppet | < 2.6.18 | 2.6.18 |
| puppet | puppet | — | — |
| puppet | puppet | >= 0 < 2.7.18-3 | 2.7.18-3 |
| puppet | puppet | >= 2.7.0 < 2.7.21 | 2.7.21 |
| puppet | puppet_enterprise | < 1.2.7 | 1.2.7 |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
CVSS provenance
nvd9.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
osv9.0CRITICAL