CVE-2013-2275 — MEDIUM (4.0)

Q: How severe is CVE-2013-2275?

CVE-2013-2275 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-2275?

Check the references section above for vendor advisories and patch information. Affected products include: Puppet Puppet, Puppetlabs Puppet, Puppet Puppet Enterprise, Canonical Ubuntu Linux.

Vulnerability Description

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Puppet	Puppet	2.6.0
Puppetlabs	Puppet	<= 2.6.17
Puppet	Puppet Enterprise	3.1.0
Canonical	Ubuntu Linux	11.10

References

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0710.htmlThird Party Advisory
http://secunia.com/advisories/52596Third Party Advisory
http://ubuntu.com/usn/usn-1759-1Third Party Advisory
http://www.debian.org/security/2013/dsa-2643Third Party Advisory
http://www.securityfocus.com/bid/58449Third Party AdvisoryVDB Entry
https://puppetlabs.com/security/cve/cve-2013-2275/Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0710.htmlThird Party Advisory
http://secunia.com/advisories/52596Third Party Advisory
http://ubuntu.com/usn/usn-1759-1Third Party Advisory
http://www.debian.org/security/2013/dsa-2643Third Party Advisory
http://www.securityfocus.com/bid/58449Third Party AdvisoryVDB Entry

FAQ

What is CVE-2013-2275?

CVE-2013-2275 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows re...

How severe is CVE-2013-2275?

CVE-2013-2275 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2275?

Check the references section above for vendor advisories and patch information. Affected products include: Puppet Puppet, Puppetlabs Puppet, Puppet Puppet Enterprise, Canonical Ubuntu Linux.