Cross site request forgery (csrf)

2013-03-2016:55:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.5%

JSON

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq11.10
ubuntu_linuxeq12.10
puppetlt2.6.18
puppetge2.7.0
puppetlt2.7.21
puppeteq3.1.0
puppet_enterpriselt1.2.7
puppet_enterpriseeq2.7.0
puppet_enterpriseeq2.7.1

Name	Operator	Version
ubuntu_linux	eq	12.04
ubuntu_linux	eq	11.10
ubuntu_linux	eq	12.10
puppet	lt	2.6.18
puppet	ge	2.7.0
puppet	lt	2.7.21
puppet	eq	3.1.0
puppet_enterprise	lt	1.2.7
puppet_enterprise	eq	2.7.0
puppet_enterprise	eq	2.7.1