Vulnerability Description
Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Puppet | Puppet | 2.6.0 |
| Puppetlabs | Puppet | 2.6.17 |
| Puppet | Puppet Enterprise | 1.2.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
- http://rhn.redhat.com/errata/RHSA-2013-0710.html
- http://secunia.com/advisories/52596Vendor Advisory
- http://www.debian.org/security/2013/dsa-2643
- http://www.securityfocus.com/bid/58447
- https://puppetlabs.com/security/cve/cve-2013-2274/Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
- http://rhn.redhat.com/errata/RHSA-2013-0710.html
- http://secunia.com/advisories/52596Vendor Advisory
- http://www.debian.org/security/2013/dsa-2643
- http://www.securityfocus.com/bid/58447
- https://puppetlabs.com/security/cve/cve-2013-2274/Vendor Advisory
FAQ
What is CVE-2013-2274?
CVE-2013-2274 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafte...
How severe is CVE-2013-2274?
CVE-2013-2274 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2274?
Check the references section above for vendor advisories and patch information. Affected products include: Puppet Puppet, Puppetlabs Puppet, Puppet Puppet Enterprise.