Lucene search
RedhatCVE-2013-0210HistoryMay 08, 2014 - 2:29 p.m.
CVE-2013-0210
2014-05-0814:29:07
CWE-94
redhat
web.nvd.nist.gov
28
cve-2013-0210
smart proxy
puppet run api
foreman
security vulnerability
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.003
Percentile
68.8%
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.
Affected configurations
Node
theforemanforemanRange≤1.0
ORtheforemanforemanMatch0.1
ORtheforemanforemanMatch0.2
ORtheforemanforemanMatch0.3
ORtheforemanforemanMatch0.4
ORtheforemanforemanMatch0.4.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| theforeman | foreman | * | cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:* |
| theforeman | foreman | 0.1 | cpe:2.3:a:theforeman:foreman:0.1:*:*:*:*:*:*:* |
| theforeman | foreman | 0.2 | cpe:2.3:a:theforeman:foreman:0.2:*:*:*:*:*:*:* |
| theforeman | foreman | 0.3 | cpe:2.3:a:theforeman:foreman:0.3:*:*:*:*:*:*:* |
| theforeman | foreman | 0.4 | cpe:2.3:a:theforeman:foreman:0.4:*:*:*:*:*:*:* |
| theforeman | foreman | 0.4.1 | cpe:2.3:a:theforeman:foreman:0.4.1:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2013-0210
2014-05-08 14:00:00
prion
prion
Command injection
2014-05-08 14:29:00
nvd
nvd
CVE-2013-0210
2014-05-08 14:29:07
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.003
Percentile
68.8%
Related for CVE-2013-0210