CVE-2013-4761: Puppet vulnerability

11 documents, 8 sources
Severity
5.1 MEDIUM (NVD)
EPSS
0.6%
top 29.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 20
Latest update: Oct 24

Description

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

CVSS vector

AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4

Affected Packages (5 packages)

NVD | puppet/puppet_enterprise | 4 versions +3
RubyGems | puppet/puppet | 2.7.0 | 2.7.23 | +1
Debian | puppet/puppet | < 3.2.4-1
NVD | puppet/puppet | 4 versions +3
NVD | puppetlabs/puppet | 2.7.0, 2.7.1, 3.2.0 +2

🔴 Vulnerability Details (4)

GHSA
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service (2017-10-24)
OSV
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service (2017-10-24)
CVEList
CVE-2013-4761: Unspecified vulnerability in Puppet 2 (2013-08-20)
OSV
CVE-2013-4761: Unspecified vulnerability in Puppet 2 (2013-08-20)

📋 Vendor Advisories (3)

Ubuntu
Puppet vulnerabilities (2013-08-15)
Red Hat
Puppet: resource_type service code execution (2013-08-15)
Debian
CVE-2013-4761: puppet - Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, ... (2013)

💬 Community (3)

Bugzilla
CVE-2013-4761 CVE-2013-4956 puppet: various flaws [fedora-all] (2013-08-15)
Bugzilla
CVE-2013-4761 Puppet: resource_type service code execution (2013-08-14)
Bugzilla
CVE-2013-4956 Puppet: Local Privilege Escalation/Arbitrary Code Execution (2013-08-14)