CVE-2013-2274 — Puppet vulnerability

8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

1.9%

top 16.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Puppet Enterprise Puppetlabs Puppet

Timeline

PublishedMar 20

Latest updateMay 14

Description

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages4 packages

▶NVDpuppet/puppet_enterprise1.2.0

▶Debianpuppet/puppet< 2.7-1

▶NVDpuppet/puppet17 versions+16

▶NVDpuppetlabs/puppet2.6.17

🔴Vulnerability Details

GHSA

GHSA-8wjv-x2mj-6x2c: Puppet 2↗2022-05-14

▶

OSV

CVE-2013-2274: Puppet 2↗2013-03-20

▶

CVEList

CVE-2013-2274: Puppet 2↗2013-03-20

▶

📋Vendor Advisories

Red Hat

Puppet: HTTP PUT report saving code execution vulnerability↗2013-03-12

▶

Debian

CVE-2013-2274: puppet - Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remot...↗2013

▶

💬Community

Bugzilla

CVE-2013-1640 CVE-2013-1652 CVE-2013-1654 CVE-2013-2274 CVE-2013-2275 puppet various flaws [epel-all]↗2013-03-12

▶

Bugzilla

CVE-2013-2274 Puppet: HTTP PUT report saving code execution vulnerability↗2013-03-10

▶