Lucene search

K

[email protected]NVD:CVE-2013-1640

HistoryMar 20, 2013 - 4:55 p.m.

CVE-2013-1640

2013-03-2016:55:01

[email protected]

web.nvd.nist.gov

1

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

89.9%

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.

Affected configurations

NVD

Node

puppetpuppetRange<2.6.18

Node

puppetpuppetRange2.7.0–2.7.21

Node

puppetpuppetMatch3.1.0

Node

puppetpuppet_enterpriseRange<1.2.7

Node

puppetpuppet_enterpriseMatch2.7.0

OR

puppetpuppet_enterpriseMatch2.7.1

Node

canonicalubuntu_linuxMatch11.10

OR

canonicalubuntu_linuxMatch12.04lts

OR

canonicalubuntu_linuxMatch12.10

References

lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html

lists.opensuse.org/opensuse-updates/2013-04/msg00056.html

rhn.redhat.com/errata/RHSA-2013-0710.html

secunia.com/advisories/52596

ubuntu.com/usn/usn-1759-1

www.debian.org/security/2013/dsa-2643

puppetlabs.com/security/cve/cve-2013-1640/

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

89.9%

Related for NVD:CVE-2013-1640

prion1 nessus11 amazon1 cve1 cvelist1 debiancve1 ubuntucve1 openvas11 freebsd2 securityvulns2 redhat1 ubuntu1 fedora2 suse1 debian1 osv1 gentoo1