Lucene search

[email protected]NVD:CVE-2013-2274

HistoryMar 20, 2013 - 4:55 p.m.

CVE-2013-2274

2013-03-2016:55:01

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

Affected configurations

NVD

Node

puppetpuppetMatch2.6.0

puppetpuppetMatch2.6.1

puppetpuppetMatch2.6.2

puppetpuppetMatch2.6.3

puppetpuppetMatch2.6.4

puppetpuppetMatch2.6.5

puppetpuppetMatch2.6.6

puppetpuppetMatch2.6.7

puppetpuppetMatch2.6.8

puppetpuppetMatch2.6.9

puppetpuppetMatch2.6.10

puppetpuppetMatch2.6.11

puppetpuppetMatch2.6.12

puppetpuppetMatch2.6.13

puppetpuppetMatch2.6.14

puppetpuppetMatch2.6.15

puppetpuppetMatch2.6.16

puppetlabspuppetMatch2.6.17

Node

puppetpuppet_enterpriseMatch1.2.0

References

lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html

lists.opensuse.org/opensuse-updates/2013-04/msg00056.html

rhn.redhat.com/errata/RHSA-2013-0710.html

secunia.com/advisories/52596

www.debian.org/security/2013/dsa-2643

www.securityfocus.com/bid/58447

puppetlabs.com/security/cve/cve-2013-2274/

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Related for NVD:CVE-2013-2274

cve1 prion1 ubuntucve1 cvelist1 debiancve1 nessus5 freebsd1 redhat1 openvas8 fedora2 suse1 debian1 osv1 gentoo1