Vulnerability Description
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
CVSS Score
5.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Puppet | Puppet | 3.2.1 |
| Puppetlabs | Puppet | 3.2.0 |
| Puppet | Puppet Enterprise | 2.8.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
- http://puppetlabs.com/security/cve/cve-2013-4761/ (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1283.html
- http://rhn.redhat.com/errata/RHSA-2013-1284.html
- http://www.debian.org/security/2013/dsa-2761
FAQ
What is CVE-2013-4761?
CVE-2013-4761 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby progr...
How severe is CVE-2013-4761?
CVE-2013-4761 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4761?
Check the references section above for vendor advisories and patch information. Affected products include: Puppet Puppet, Puppetlabs Puppet, Puppet Puppet Enterprise.