CVE-2013-1653

2013-03-1200:00:00

ubuntu.com

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.6%

JSON

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and
Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for
incoming connections is enabled and allowing access to the “run” REST
endpoint is allowed, allows remote authenticated users to execute arbitrary
code via a crafted HTTP request.

OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchpuppet< 2.7.1-1ubuntu3.8UNKNOWN
ubuntu12.04noarchpuppet< 2.7.11-1ubuntu2.2UNKNOWN
ubuntu12.10noarchpuppet< 2.7.18-1ubuntu1.1UNKNOWN