CVE-2013-2274

2013-03-2016:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve

information security

puppet

code execution

remote authentication

nvd

7 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

CPENameOperatorVersion
puppetlabs:puppetpuppetlabs puppeteq2.6.17
puppet:puppetpuppeteq2.6.0
puppet:puppetpuppeteq2.6.1
puppet:puppetpuppeteq2.6.2
puppet:puppetpuppeteq2.6.3
puppet:puppetpuppeteq2.6.4
puppet:puppetpuppeteq2.6.5
puppet:puppetpuppeteq2.6.6
puppet:puppetpuppeteq2.6.7
puppet:puppetpuppeteq2.6.8

CPE	Name	Operator	Version
puppetlabs:puppet	puppetlabs puppet	eq	2.6.17
puppet:puppet	puppet	eq	2.6.0
puppet:puppet	puppet	eq	2.6.1
puppet:puppet	puppet	eq	2.6.2
puppet:puppet	puppet	eq	2.6.3
puppet:puppet	puppet	eq	2.6.4
puppet:puppet	puppet	eq	2.6.5
puppet:puppet	puppet	eq	2.6.6
puppet:puppet	puppet	eq	2.6.7
puppet:puppet	puppet	eq	2.6.8