Lucene search

[email protected]CVE-2013-1652

HistoryMar 20, 2013 - 4:55 p.m.

CVE-2013-1652

2013-03-2016:55:01

CWE-264

[email protected]

web.nvd.nist.gov

puppet

security

vulnerability

cve-2013-1652

remote authentication

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.2%

JSON

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master’s cache via unspecified vectors.

Affected configurations

NVD

Node

puppetlabspuppetRange≤2.6.17

Node

puppetpuppetMatch2.7.2

puppetpuppetMatch2.7.3

puppetpuppetMatch2.7.4

puppetpuppetMatch2.7.5

puppetpuppetMatch2.7.6

puppetpuppetMatch2.7.7

puppetpuppetMatch2.7.8

puppetpuppetMatch2.7.9

puppetpuppetMatch2.7.10

puppetpuppetMatch2.7.11

puppetpuppetMatch2.7.12

puppetpuppetMatch2.7.13

puppetpuppetMatch2.7.14

puppetpuppetMatch2.7.16

puppetpuppetMatch2.7.17

puppetpuppetMatch2.7.18

puppetlabspuppetMatch2.7.0

puppetlabspuppetMatch2.7.1

puppetlabspuppetMatch2.7.19

puppetlabspuppetMatch2.7.20

puppetlabspuppetMatch2.7.20rc1

Node

puppetpuppet_enterpriseMatch3.1.0

Node

puppetlabspuppetRange≤1.2.6enterprise

Node

puppetpuppet_enterpriseMatch2.7.0

puppetpuppet_enterpriseMatch2.7.1

Node

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch12.10

CPENameOperatorVersion
puppetlabs:puppetpuppetlabs puppetle2.6.17

CPE	Name	Operator	Version
puppetlabs:puppet	puppetlabs puppet	le	2.6.17

References

lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html

lists.opensuse.org/opensuse-updates/2013-04/msg00056.html

rhn.redhat.com/errata/RHSA-2013-0710.html

secunia.com/advisories/52596

ubuntu.com/usn/usn-1759-1

www.debian.org/security/2013/dsa-2643

www.securityfocus.com/bid/58443

puppetlabs.com/security/cve/cve-2013-1652/

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for CVE-2013-1652

debiancve1 cvelist1 nvd1 ubuntucve1 prion1 nessus10 freebsd2 securityvulns2 openvas10 redhat1 ubuntu1 fedora2 suse1 debian1 osv1 gentoo1