CVE-2013-2275: The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise…

medium4CVSS 3.1

AVNACLAuSCNIPAN

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

Affected

47 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	puppet	< puppet 2.7.18-3 (bullseye)	puppet 2.7.18-3 (bullseye)
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—
puppet	puppet	—	—

CVSS provenance

nvd4.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N

osv4.0MEDIUM