Lucene search
HistoryMar 20, 2013 - 4:55 p.m.
CVE-2013-1655
cve-2013-1655
puppet
remote code execution
serialized attributes
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
AI Score
Confidence
High
0.096 Low
EPSS
Percentile
94.8%
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to “serialized attributes.”
Affected configurations
Node
puppetpuppetMatch2.7.2
ORpuppetpuppetMatch2.7.3
ORpuppetpuppetMatch2.7.4
ORpuppetpuppetMatch2.7.5
ORpuppetpuppetMatch2.7.6
ORpuppetpuppetMatch2.7.7
ORpuppetpuppetMatch2.7.8
ORpuppetpuppetMatch2.7.9
ORpuppetpuppetMatch2.7.10
ORpuppetpuppetMatch2.7.11
ORpuppetpuppetMatch2.7.12
ORpuppetpuppetMatch2.7.13
ORpuppetpuppetMatch2.7.14
ORpuppetpuppetMatch2.7.16
ORpuppetpuppetMatch2.7.17
ORpuppetpuppetMatch2.7.18
ORpuppetpuppet_enterpriseMatch3.1.0
ORpuppetlabspuppetMatch2.7.0
ORpuppetlabspuppetMatch2.7.1
ORpuppetlabspuppetMatch2.7.19
ORpuppetlabspuppetMatch2.7.20
ORpuppetlabspuppetMatch2.7.20rc1
ruby-langrubyMatch1.9
ORruby-langrubyMatch1.9.1
ORruby-langrubyMatch1.9.2
ORruby-langrubyMatch1.9.3
ORruby-langrubyMatch1.9.3p0
ORruby-langrubyMatch1.9.3p125
ORruby-langrubyMatch1.9.3p194
ORruby-langrubyMatch1.9.3p286
ORruby-langrubyMatch1.9.3p383
ORruby-langrubyMatch2.0
ORruby-langrubyMatch2.0.0
ORruby-langrubyMatch2.0.0rc1
ORruby-langrubyMatch2.0.0rc2
Related
github
github
Puppet Improper Input Validation vulnerability
2017-10-24 18:33:37
ubuntucve
ubuntucve
CVE-2013-1655
2013-03-12 00:00:00
osv
osv
Puppet Improper Input Validation vulnerability
2017-10-24 18:33:37
puppet - several issues
2013-03-12 00:00:00
prion
prion
Code injection
2013-03-20 16:55:00
cvelist
cvelist
CVE-2013-1655
2013-03-20 16:00:00
nvd
nvd
CVE-2013-1655
2013-03-20 16:55:01
nessus
nessus
Puppet Unsafe YAML Unserialization
2013-04-26 00:00:00
Ubuntu 11.10 / 12.04 LTS / 12.10 : puppet vulnerabilities (USN-1759-1)
2013-03-13 00:00:00
Fedora 17 : puppet-2.7.21-2.fc17 (2013-4187)
2013-04-01 00:00:00
debiancve
debiancve
CVE-2013-1655
2013-03-20 16:55:01
securityvulns
securityvulns
Puppet multiple security vulnerabilities
2013-03-24 00:00:00
[USN-1759-1] Puppet vulnerabilities
2013-03-24 00:00:00
openvas
openvas
Ubuntu Update for puppet USN-1759-1
2013-03-15 00:00:00
Ubuntu: Security Advisory (USN-1759-1)
2013-03-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0618-1)
2021-06-09 00:00:00
ubuntu
ubuntu
Puppet vulnerabilities
2013-03-12 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: puppet-3.1.1-1.fc18
2013-08-02 03:25:10
[SECURITY] Fedora 17 Update: puppet-2.7.21-2.fc17
2013-03-30 21:31:30
freebsd
freebsd
puppet27 and puppet -- multiple vulnerabilities
2013-03-13 00:00:00
suse
suse
Security update for puppet (important)
2013-04-03 23:07:06
debian
debian
[SECURITY] [DSA 2643-1] puppet security update
2013-03-12 22:48:19
gentoo
gentoo
Puppet: Multiple vulnerabilities
2013-08-23 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0008
2021-04-13 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0008
2021-04-13 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
AI Score
Confidence
High
0.096 Low
EPSS
Percentile
94.8%
Related for CVE-2013-1655