PT-2013-1226 · Puppet+1 · Puppet+2
Published
2013-03-20
·
Updated
2022-01-24
·
CVE-2013-1640
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Puppet versions prior to 2.6.18
Puppet versions 2.7.x prior to 2.7.21
Puppet versions 3.1.x prior to 3.1.1
Puppet Enterprise versions prior to 1.2.7
Puppet Enterprise versions 2.7.x prior to 2.7.2
Description
The issue allows remote authenticated users to execute arbitrary code via a crafted catalog request. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely by an attacker who has passed the authentication procedure.
Recommendations
For Puppet versions prior to 2.6.18, update to version 2.6.18 or later.
For Puppet versions 2.7.x prior to 2.7.21, update to version 2.7.21 or later.
For Puppet versions 3.1.x prior to 3.1.1, update to version 3.1.1 or later.
For Puppet Enterprise versions prior to 1.2.7, update to version 1.2.7 or later.
For Puppet Enterprise versions 2.7.x prior to 2.7.2, update to version 2.7.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Puppet
Puppet Enterprise
Suse