Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-1640HistoryMar 20, 2013 - 4:55 p.m.
CVE-2013-1640
2013-03-2016:55:00
Debian Security Bug Tracker
security-tracker.debian.org
9
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
89.7%
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | puppet | < 2.7.18-3 | puppet_2.7.18-3_all.deb |
| Debian | 10 | all | puppet | < 2.7.18-3 | puppet_2.7.18-3_all.deb |
Related
prion
prion
Cross site request forgery (csrf)
2013-03-20 16:55:00
nessus
nessus
Amazon Linux AMI : puppet (ALAS-2013-181)
2013-09-04 00:00:00
Puppet Multiple Vulnerabilities (2013/03/12)
2013-04-26 00:00:00
cve
cve
CVE-2013-1640
2013-03-20 16:55:00
amazon
amazon
Medium: puppet
2013-04-11 17:32:00
ubuntucve
ubuntucve
CVE-2013-1640
2013-03-12 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2013-181)
2015-09-08 00:00:00
Ubuntu: Security Advisory (USN-1759-1)
2013-03-15 00:00:00
Ubuntu Update for puppet USN-1759-1
2013-03-15 00:00:00
freebsd
freebsd
puppet26 -- multiple vulnerabilities
2013-03-13 00:00:00
puppet27 and puppet -- multiple vulnerabilities
2013-03-13 00:00:00
redhat
redhat
(RHSA-2013:0710) Important: puppet security update
2013-04-04 00:00:00
ubuntu
ubuntu
Puppet vulnerabilities
2013-03-12 00:00:00
securityvulns
securityvulns
Puppet multiple security vulnerabilities
2013-03-24 00:00:00
[USN-1759-1] Puppet vulnerabilities
2013-03-24 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: puppet-3.1.1-1.fc18
2013-08-02 03:25:10
[SECURITY] Fedora 17 Update: puppet-2.7.21-2.fc17
2013-03-30 21:31:30
suse
suse
Security update for puppet (important)
2013-04-03 23:07:06
osv
osv
puppet - several issues
2013-03-12 00:00:00
debian
debian
[SECURITY] [DSA 2643-1] puppet security update
2013-03-12 22:48:49
gentoo
gentoo
Puppet: Multiple vulnerabilities
2013-08-23 00:00:00
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
89.7%
Related for DEBIANCVE:CVE-2013-1640