Lucene search

[email protected]CVE-2013-2275

HistoryMar 20, 2013 - 4:55 p.m.

CVE-2013-2275

2013-03-2016:55:01

[email protected]

web.nvd.nist.gov

cve-2013-2275

puppet

configuration

security

vulnerability

remote authenticated nodes

reports

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.3%

JSON

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

Affected configurations

NVD

Node

puppetpuppetMatch2.6.0

puppetpuppetMatch2.6.1

puppetpuppetMatch2.6.2

puppetpuppetMatch2.6.3

puppetpuppetMatch2.6.4

puppetpuppetMatch2.6.5

puppetpuppetMatch2.6.6

puppetpuppetMatch2.6.7

puppetpuppetMatch2.6.8

puppetpuppetMatch2.6.9

puppetpuppetMatch2.6.10

puppetpuppetMatch2.6.11

puppetpuppetMatch2.6.12

puppetpuppetMatch2.6.13

puppetpuppetMatch2.6.14

puppetpuppetMatch2.6.15

puppetpuppetMatch2.6.16

puppetlabspuppetRange≤2.6.17

Node

puppetpuppetMatch2.7.2

puppetpuppetMatch2.7.3

puppetpuppetMatch2.7.4

puppetpuppetMatch2.7.5

puppetpuppetMatch2.7.6

puppetpuppetMatch2.7.7

puppetpuppetMatch2.7.8

puppetpuppetMatch2.7.9

puppetpuppetMatch2.7.10

puppetpuppetMatch2.7.11

puppetpuppetMatch2.7.12

puppetpuppetMatch2.7.13

puppetpuppetMatch2.7.14

puppetpuppetMatch2.7.16

puppetpuppetMatch2.7.17

puppetpuppetMatch2.7.18

puppetlabspuppetMatch2.7.0

puppetlabspuppetMatch2.7.1

puppetlabspuppetMatch2.7.19

puppetlabspuppetMatch2.7.20

puppetlabspuppetMatch2.7.20rc1

Node

puppetpuppet_enterpriseMatch3.1.0

Node

puppetlabspuppetRange≤1.2.6enterprise

Node

puppetpuppet_enterpriseMatch2.7.0

puppetpuppet_enterpriseMatch2.7.1

Node

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch12.10

CPENameOperatorVersion
puppet:puppetpuppeteq2.6.0
puppet:puppetpuppeteq2.6.1
puppet:puppetpuppeteq2.6.2
puppet:puppetpuppeteq2.6.3
puppet:puppetpuppeteq2.6.4
puppet:puppetpuppeteq2.6.5
puppet:puppetpuppeteq2.6.6
puppet:puppetpuppeteq2.6.7
puppet:puppetpuppeteq2.6.8
puppet:puppetpuppeteq2.6.9

CPE	Name	Operator	Version
puppet:puppet	puppet	eq	2.6.0
puppet:puppet	puppet	eq	2.6.1
puppet:puppet	puppet	eq	2.6.2
puppet:puppet	puppet	eq	2.6.3
puppet:puppet	puppet	eq	2.6.4
puppet:puppet	puppet	eq	2.6.5
puppet:puppet	puppet	eq	2.6.6
puppet:puppet	puppet	eq	2.6.7
puppet:puppet	puppet	eq	2.6.8
puppet:puppet	puppet	eq	2.6.9