CVE Vulnerabilities

CVE-2013-2274

Published: Mar 20, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
6.5 IMPORTANT
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V3
Ubuntu
HIGH
root.io minimus.io echohq.com

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

Affected Software

Name Vendor Start Version End Version
Puppet Puppet 2.6.0 (including) 2.6.0 (including)
Puppet Puppet 2.6.1 (including) 2.6.1 (including)
Puppet Puppet 2.6.2 (including) 2.6.2 (including)
Puppet Puppet 2.6.3 (including) 2.6.3 (including)
Puppet Puppet 2.6.4 (including) 2.6.4 (including)
Puppet Puppet 2.6.5 (including) 2.6.5 (including)
Puppet Puppet 2.6.6 (including) 2.6.6 (including)
Puppet Puppet 2.6.7 (including) 2.6.7 (including)
Puppet Puppet 2.6.8 (including) 2.6.8 (including)
Puppet Puppet 2.6.9 (including) 2.6.9 (including)
Puppet Puppet 2.6.10 (including) 2.6.10 (including)
Puppet Puppet 2.6.11 (including) 2.6.11 (including)
Puppet Puppet 2.6.12 (including) 2.6.12 (including)
Puppet Puppet 2.6.13 (including) 2.6.13 (including)
Puppet Puppet 2.6.14 (including) 2.6.14 (including)
Puppet Puppet 2.6.15 (including) 2.6.15 (including)
Puppet Puppet 2.6.16 (including) 2.6.16 (including)
Puppet Puppetlabs 2.6.17 (including) 2.6.17 (including)
OpenStack Folsom for RHEL 6 RedHat puppet-0:2.6.18-1.el6ost *
Puppet Ubuntu hardy *
Puppet Ubuntu upstream *

References