Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2013-181
HistoryApr 11, 2013 - 5:32 p.m.

Medium: puppet

2013-04-1117:32:00
alas.aws.amazon.com
14

0.024 Low

EPSS

Percentile

89.8%

JSON

Issue Overview:

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.

Affected Packages:

puppet

Issue Correction:
Run yum update puppet to update your system.

New Packages:

i686:  
    puppet-debuginfo-2.7.21-2.11.amzn1.i686  
    puppet-server-2.7.21-2.11.amzn1.i686  
    puppet-2.7.21-2.11.amzn1.i686  
  
src:  
    puppet-2.7.21-2.11.amzn1.src  
  
x86_64:  
    puppet-debuginfo-2.7.21-2.11.amzn1.x86_64  
    puppet-2.7.21-2.11.amzn1.x86_64  
    puppet-server-2.7.21-2.11.amzn1.x86_64

Additional References

Red Hat: CVE-2013-1640

Mitre: CVE-2013-1640

Related

prion 1
nessus 10
cvelist 1
cve 1
debiancve 1
openvas 11
ubuntucve 1
freebsd 2
securityvulns 2
redhat 1
fedora 2
gentoo 1
prion
prion
Cross site request forgery (csrf)
2013-03-20 16:55:00
nessus
nessus
Amazon Linux AMI : puppet (ALAS-2013-181)
2013-09-04 00:00:00
Puppet Multiple Vulnerabilities (2013/03/12)
2013-04-26 00:00:00
FreeBSD : puppet26 -- multiple vulnerabilities (04042f95-14b8-4382-a8b9-b30e365776cf)
2013-03-14 00:00:00
cvelist
cvelist
CVE-2013-1640
2013-03-20 16:00:00
cve
cve
CVE-2013-1640
2013-03-20 16:55:01
debiancve
debiancve
CVE-2013-1640
2013-03-20 16:55:01
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2013-181)
2015-09-08 00:00:00
Ubuntu: Security Advisory (USN-1759-1)
2013-03-15 00:00:00
Ubuntu Update for puppet USN-1759-1
2013-03-15 00:00:00
ubuntucve
ubuntucve
CVE-2013-1640
2013-03-12 00:00:00
freebsd
freebsd
puppet26 -- multiple vulnerabilities
2013-03-13 00:00:00
puppet27 and puppet -- multiple vulnerabilities
2013-03-13 00:00:00
securityvulns
securityvulns
Puppet multiple security vulnerabilities
2013-03-24 00:00:00
[USN-1759-1] Puppet vulnerabilities
2013-03-24 00:00:00
redhat
redhat
(RHSA-2013:0710) Important: puppet security update
2013-04-04 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: puppet-3.1.1-1.fc18
2013-08-02 03:25:10
[SECURITY] Fedora 17 Update: puppet-2.7.21-2.fc17
2013-03-30 21:31:30
gentoo
gentoo
Puppet: Multiple vulnerabilities
2013-08-23 00:00:00

0.024 Low

EPSS

Percentile

89.8%

JSON
Related for ALAS-2013-181
prion1nessus10cvelist1cve1debiancve1openvas11ubuntucve1freebsd2securityvulns2redhat1fedora2gentoo1