UbuntuUSN-1928-1Puppet vulnerabilities
6.2 Medium
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
83.9%
Releases
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04
Packages
- puppet - Centralized configuration management
Details
It was discovered that Puppet incorrectly handled the resource_type
service. A local attacker on the primary server could use this issue to
execute arbitrary Ruby files. (CVE-2013-4761)
It was discovered that Puppet incorrectly handled permissions on the
modules it installed. Modules could be installed with the permissions that
existed when they were built, possibly exposing them to a local attacker.
(CVE-2013-4956)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 13.04 | noarch | puppet-common | < 2.7.18-4ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.04 | noarch | puppet | < 2.7.18-4ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.04 | noarch | puppet-el | < 2.7.18-4ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.04 | noarch | puppet-testsuite | < 2.7.18-4ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.04 | noarch | puppetmaster | < 2.7.18-4ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.04 | noarch | puppetmaster-common | < 2.7.18-4ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.04 | noarch | puppetmaster-passenger | < 2.7.18-4ubuntu1.2 | UNKNOWN |
| Ubuntu | 13.04 | noarch | vim-puppet | < 2.7.18-4ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | puppet-common | < 2.7.18-1ubuntu1.3 | UNKNOWN |
| Ubuntu | 12.10 | noarch | puppet | < 2.7.18-1ubuntu1.3 | UNKNOWN |
Related
6.2 Medium
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
83.9%