CVE-2013-2275 — Puppet vulnerability

10 documents8 sources

Severity

4.0MEDIUMNVD

EPSS

0.4%

top 40.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Puppetlabs Puppet Canonical Ubuntu Linux +1 more

Timeline

PublishedMar 20

Latest updateMay 14

Description

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages4 packages

▶NVDpuppet/puppet_enterprise2.7.0, 2.7.1, 3.1.0+2

▶Debianpuppet/puppet< 2.7.18-3

▶NVDpuppetlabs/puppet2.6.17+5

▶NVDpuppet/puppet33 versions+32

Also affects: Ubuntu Linux 11.10, 12.04, 12.10

🔴Vulnerability Details

GHSA

GHSA-wwmg-4q3j-qc4f: The default configuration for puppet masters 0↗2022-05-14

▶

OSV

CVE-2013-2275: The default configuration for puppet masters 0↗2013-03-20

▶

CVEList

CVE-2013-2275: The default configuration for puppet masters 0↗2013-03-20

▶

📋Vendor Advisories

Ubuntu

Puppet vulnerabilities↗2013-03-12

▶

Red Hat

Puppet: default auth.conf allows authenticated node to submit a report for any other node↗2013-03-12

▶

Debian

CVE-2013-2275: puppet - The default configuration for puppet masters 0.25.0 and later in Puppet before 2...↗2013

▶

💬Community

Bugzilla

CVE-2013-1640 CVE-2013-1652 CVE-2013-1654 CVE-2013-2274 CVE-2013-2275 puppet various flaws [epel-all]↗2013-03-12

▶

Bugzilla

CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2275 puppet various flaws [fedora-all]↗2013-03-12

▶

Bugzilla

CVE-2013-2275 Puppet: default auth.conf allows authenticated node to submit a report for any other node↗2013-03-10

▶