Scaner-VS
CVE-2013-1640
DEB
Medium

CVSS: 6.5 (Medium)
EPSS: 0.05 (p90)
Published: 2013-01-01
Updated: 2013-01-01
Description

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allow remote authenticated users to execute arbitrary code via a crafted catalog request.

Tags · CWE
CWE-502
CAPEC-586
Affected products
Puppet < 2.6.18
CVSS vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Timeline
Published: 2013-01-01
Updated: 2013-01-01
CVSS 3.1 breakdown
Attack Vector: AV:N, Network (N)
Attack Complexity: AC:L, Low (L)
Authentication: Au:S, Single
Confidentiality Impact: C:P, Partial
Integrity Impact: I:P, Partial
Availability Impact: A:P, Partial
Exploit indicators
EPSS: 0.049 · p90
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product | Vendor | Status
puppet | | Tracked
puppet | | Tracked
puppet | | Tracked
puppet* | | Tracked
puppet* | | Tracked
puppet* | | Tracked
puppet_enterprise* | | Tracked
puppet_enterprise* | | Tracked
ubuntu_linux* | | Tracked
Source databases
DEB
CVE
RED
UBU
Related vulnerabilities