CVE-2013-1652: Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users…

medium4.9CVSS 3.1

AVNACMAuSCPIPAN

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.

Affected

30 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	puppet	< puppet 2.7.18-3 (bullseye)	puppet 2.7.18-3 (bullseye)
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	>= 0 < 2.7.18-3	2.7.18-3
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppetlabs	puppet	<= 2.6.17	—

CVSS provenance

nvd4.9MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:N

osv4.9MEDIUM