CVE-2013-4956 — Puppet vulnerability

CWE-26410 documents8 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 70.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Puppet Enterprise Puppetlabs Puppet

Timeline

PublishedAug 20

Latest updateMay 14

Description

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

CVSS vector

AV:L/AC:L/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages4 packages

▶NVDpuppet/puppet_enterprise4 versions+3

▶Debianpuppet/puppet< 3.2.4-1

▶NVDpuppet/puppet21 versions+20

▶NVDpuppetlabs/puppet2.7.0, 2.7.1, 3.2.0+2

🔴Vulnerability Details

GHSA

GHSA-3jgg-vqj7-2c3r: Puppet Module Tool (PMT), as used in Puppet 2↗2022-05-14

▶

CVEList

CVE-2013-4956: Puppet Module Tool (PMT), as used in Puppet 2↗2013-08-20

▶

OSV

CVE-2013-4956: Puppet Module Tool (PMT), as used in Puppet 2↗2013-08-20

▶

📋Vendor Advisories

Ubuntu

Puppet vulnerabilities↗2013-08-15

▶

Red Hat

Puppet: Local Privilege Escalation/Arbitrary Code Execution↗2013-08-15

▶

Debian

CVE-2013-4956: puppet - Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before...↗2013

▶

💬Community

Bugzilla

CVE-2013-4761 CVE-2013-4956 puppet: various flaws [fedora-all]↗2013-08-15

▶

Bugzilla

CVE-2013-4761 Puppet: resource_type service code execution↗2013-08-14

▶

Bugzilla

CVE-2013-4956 Puppet: Local Privilege Escalation/Arbitrary Code Execution↗2013-08-14

▶