gsd - gsd-2013-2274

gsd-2013-2274

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

Aliases

CVE-2013-2274

Aliases

CVE-2013-2274

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-2274",
    "description": "Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.",
    "id": "GSD-2013-2274",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-2274.html",
      "https://www.debian.org/security/2013/dsa-2643",
      "https://access.redhat.com/errata/RHSA-2013:0710"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-2274"
      ],
      "details": "Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.",
      "id": "GSD-2013-2274",
      "modified": "2023-12-13T01:22:18.306814Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-2274",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SUSE-SU-2013:0618",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"
          },
          {
            "name": "RHSA-2013:0710",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html"
          },
          {
            "name": "DSA-2643",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2013/dsa-2643"
          },
          {
            "name": "58447",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/58447"
          },
          {
            "name": "https://puppetlabs.com/security/cve/cve-2013-2274/",
            "refsource": "CONFIRM",
            "url": "https://puppetlabs.com/security/cve/cve-2013-2274/"
          },
          {
            "name": "52596",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/52596"
          },
          {
            "name": "openSUSE-SU-2013:0641",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2274"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "52596",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/52596"
            },
            {
              "name": "DSA-2643",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2013/dsa-2643"
            },
            {
              "name": "https://puppetlabs.com/security/cve/cve-2013-2274/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://puppetlabs.com/security/cve/cve-2013-2274/"
            },
            {
              "name": "58447",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/58447"
            },
            {
              "name": "openSUSE-SU-2013:0641",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"
            },
            {
              "name": "SUSE-SU-2013:0618",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"
            },
            {
              "name": "RHSA-2013:0710",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-07-10T18:02Z",
      "publishedDate": "2013-03-20T16:55Z"
    }
  }
}

cve-2013-2274

Vulnerability from cvelistv5

Published

2013-03-20 16:00

Modified

2024-08-06 15:27

Severity ?

Summary

References

▼	URL	Tags
	http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0710.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2013/dsa-2643	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/58447	vdb-entry, x_refsource_BID
	https://puppetlabs.com/security/cve/cve-2013-2274/	x_refsource_CONFIRM
	http://secunia.com/advisories/52596	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html	vendor-advisory, x_refsource_SUSE

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website