CVE-2013-1653

Loading...

General

Score:7.1/10.0
Severity:Medium
Category:N/A

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:High
Authentication:Single

Relative vulnerabilities

CVE-2013-1640, CVE-2013-1652, CVE-2013-1654, CVE-2013-1655, CVE-2013-2274, CVE-2013-2275

Published on 20/03/13 - Updated on 21/11/17

Description

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2013-1653
Debian DSA-2643-1
SUSE SUSE-SU-2013:0618
Ubuntu USN-1759-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
canonicalubuntu_linux
puppetlabspuppet

Share this vulnerability with:

Twitter Facebook LinkedIn Mail