CVE-2013-4967 — Enterprise vulnerability

CWE-2554 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 51.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Enterprise

Timeline

PublishedAug 20

Latest updateMay 14

Description

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDpuppet/puppet_enterprise3.0.0+6

🔴Vulnerability Details

GHSA

GHSA-6fpw-3pwr-rq86: Puppet Enterprise before 3↗2022-05-14

▶

CVEList

CVE-2013-4967: Puppet Enterprise before 3↗2013-08-20

▶

📋Vendor Advisories

Debian

CVE-2013-4967: puppet - Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database pa...↗2013

▶