Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2013-181
HistoryApr 11, 2013 - 5:32 p.m.

Medium: puppet

2013-04-1117:32:00
alas.aws.amazon.com
11

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.7%

JSON

Issue Overview:

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.

Affected Packages:

puppet

Issue Correction:
Run yum update puppet to update your system.

New Packages:

i686:  
    puppet-debuginfo-2.7.21-2.11.amzn1.i686  
    puppet-server-2.7.21-2.11.amzn1.i686  
    puppet-2.7.21-2.11.amzn1.i686  
  
src:  
    puppet-2.7.21-2.11.amzn1.src  
  
x86_64:  
    puppet-debuginfo-2.7.21-2.11.amzn1.x86_64  
    puppet-2.7.21-2.11.amzn1.x86_64  
    puppet-server-2.7.21-2.11.amzn1.x86_64

Additional References

Red Hat: CVE-2013-1640

Mitre: CVE-2013-1640

Related

prion 1
nessus 11
cve 1
debiancve 1
ubuntucve 1
openvas 11
freebsd 2
redhat 1
ubuntu 1
securityvulns 2
fedora 2
suse 1
osv 1
debian 1
gentoo 1
prion
prion
Cross site request forgery (csrf)
2013-03-20 16:55:00
nessus
nessus
Amazon Linux AMI : puppet (ALAS-2013-181)
2013-09-04 00:00:00
Puppet Multiple Vulnerabilities (2013/03/12)
2013-04-26 00:00:00
FreeBSD : puppet26 -- multiple vulnerabilities (04042f95-14b8-4382-a8b9-b30e365776cf)
2013-03-14 00:00:00
cve
cve
CVE-2013-1640
2013-03-20 16:55:00
debiancve
debiancve
CVE-2013-1640
2013-03-20 16:55:00
ubuntucve
ubuntucve
CVE-2013-1640
2013-03-12 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2013-181)
2015-09-08 00:00:00
Ubuntu Update for puppet USN-1759-1
2013-03-15 00:00:00
Ubuntu: Security Advisory (USN-1759-1)
2013-03-15 00:00:00
freebsd
freebsd
puppet26 -- multiple vulnerabilities
2013-03-13 00:00:00
puppet27 and puppet -- multiple vulnerabilities
2013-03-13 00:00:00
redhat
redhat
(RHSA-2013:0710) Important: puppet security update
2013-04-04 00:00:00
ubuntu
ubuntu
Puppet vulnerabilities
2013-03-12 00:00:00
securityvulns
securityvulns
Puppet multiple security vulnerabilities
2013-03-24 00:00:00
[USN-1759-1] Puppet vulnerabilities
2013-03-24 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: puppet-3.1.1-1.fc18
2013-08-02 03:25:10
[SECURITY] Fedora 17 Update: puppet-2.7.21-2.fc17
2013-03-30 21:31:30
suse
suse
Security update for puppet (important)
2013-04-03 23:07:06
osv
osv
puppet - several issues
2013-03-12 00:00:00
debian
debian
[SECURITY] [DSA 2643-1] puppet security update
2013-03-12 22:48:19
gentoo
gentoo
Puppet: Multiple vulnerabilities
2013-08-23 00:00:00

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.7%

JSON
Related for ALAS-2013-181
prion1nessus11cve1debiancve1ubuntucve1openvas11freebsd2redhat1ubuntu1securityvulns2fedora2suse1osv1debian1gentoo1