CVSS: 4.3EPSS: 0%CPEs: 46EXPL: 0CVE-2013-2275 – Puppet: default auth.conf allows authenticated node to submit a report for any other node
https://notcve.org/view.php?id=CVE-2013-2275
20 Mar 2013 — The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors. La configuración por defecto para puppet masters v0.25.0 y posteriores en Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21 y v3.1.x anterior a 3.1.1, y Puppet Enterprise anterior a v1.2.7 y v2.7.x anterior a v2.7.2, permite ... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2013-1654 – Puppet: SSL protocol downgrade
https://notcve.org/view.php?id=CVE-2013-1654
20 Mar 2013 — Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors. Puppet v2.7.x anterior a v2.7.21 y v3.1.x anterior a v3.1.1, y Puppet Enterprise v2.7.x anterior a v2.7.2, no negocian correctamente el protocolo SSL entre el cliente y el master, lo que permite a atacantes remotos llevar a cabo ataqu... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html •