Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-3567HistoryAug 19, 2013 - 11:55 p.m.
CVE-2013-3567
2013-08-1923:55:00
Debian Security Bug Tracker
security-tracker.debian.org
7
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.223 Low
EPSS
Percentile
96.5%
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | puppet | < 3.2.2-1 | puppet_3.2.2-1_all.deb |
| Debian | 10 | all | puppet | < 3.2.2-1 | puppet_3.2.2-1_all.deb |
Related
nessus
nessus
SuSE 11.2 / 11.3 Security Update : puppet / puppet, puppet-server (SAT Patch Numbers 8131 / 8132)
2013-08-07 00:00:00
FreeBSD : puppet -- Unauthenticated Remote Code Execution Vulnerability (b162b218-c547-4ba2-ae31-6fdcb61bc763)
2013-06-23 00:00:00
Puppet Unauthenticated Remote Code Execution
2013-10-28 00:00:00
securityvulns
securityvulns
puppet code exeuction
2013-07-01 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:1304-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-1886-1)
2013-06-24 00:00:00
Mageia: Security Advisory (MGASA-2013-0187)
2022-01-28 00:00:00
amazon
amazon
Critical: puppet
2013-07-12 15:57:00
suse
suse
Security update for puppet (critical)
2013-08-06 20:04:12
puppet: security fix for YAML support (critical)
2013-08-22 15:04:10
osv
osv
Puppet Improper Input Validation vulnerability
2017-10-24 18:33:37
debian
debian
[SECURITY] [DSA 2715-1] puppet security update
2013-06-26 20:26:25
mageia
mageia
Updated puppet packages fix remote code execution vulnerability
2013-06-26 22:36:33
ubuntucve
ubuntucve
CVE-2013-3567
2013-06-18 00:00:00
github
github
Puppet Improper Input Validation vulnerability
2017-10-24 18:33:37
prion
prion
Improper access control
2013-08-19 23:55:00
veracode
veracode
Arbitrary Code Execution Through REST API Call
2019-01-15 08:59:44
freebsd
freebsd
puppet -- Unauthenticated Remote Code Execution Vulnerability
2013-06-13 00:00:00
cve
cve
CVE-2013-3567
2013-08-19 23:55:00
ubuntu
ubuntu
Puppet vulnerability
2013-06-18 00:00:00
redhat
redhat
(RHSA-2013:1283) Moderate: puppet security update
2013-09-24 00:00:00
(RHSA-2013:1284) Critical: ruby193-puppet security update
2013-09-24 00:00:00
gentoo
gentoo
Puppet: Multiple vulnerabilities
2013-08-23 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.223 Low
EPSS
Percentile
96.5%
Related for DEBIANCVE:CVE-2013-3567