Vulnerability Details : CVE-2013-1652
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2013-1652
Probability of exploitation activity in the next 30 days: 0.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-1652
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N |
6.8
|
4.9
|
NIST |
CWE ids for CVE-2013-1652
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1652
-
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
[security-announce] SUSE-SU-2013:0618-1: important: Security update forMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0710.html
RHSA-2013:0710 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
openSUSE-SU-2013:0641-1: moderate: puppet: security fixesMailing List;Third Party Advisory
-
https://puppetlabs.com/security/cve/cve-2013-1652/
CVE-2013-1652 | PuppetVendor Advisory
-
http://ubuntu.com/usn/usn-1759-1
USN-1759-1: Puppet vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.securityfocus.com/bid/58443
Puppet CVE-2013-1652 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://www.debian.org/security/2013/dsa-2643
Debian -- Security Information -- DSA-2643-1 puppetThird Party Advisory
Products affected by CVE-2013-1652
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*