CVE-2013-2274
Puppet: HTTP PUT report saving code execution vulnerability
Severity Score
6.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
Puppet v2.6.x anterior a v2.6.18 y Puppet Enterprise v1.2.x anterior a v1.2.7 permite a usuarios remotos autenticados ejecutar código arbitrario en el puppet master, o un agente con puppet kick habilitado, mediante una petición espcialmente diesñada para un report.
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.23 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-26 CVE Reserved
- 2013-03-20 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/58447 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html | 2019-07-10 | |
| http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html | 2019-07-10 | |
| http://rhn.redhat.com/errata/RHSA-2013-0710.html | 2019-07-10 | |
| http://secunia.com/advisories/52596 | 2019-07-10 | |
| http://www.debian.org/security/2013/dsa-2643 | 2019-07-10 | |
| https://puppetlabs.com/security/cve/cve-2013-2274 | 2019-07-10 | |
| https://access.redhat.com/security/cve/CVE-2013-2274 | 2013-04-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=919773 | 2013-04-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.0 Search vendor "Puppet" for product "Puppet" and version "2.6.0" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.1 Search vendor "Puppet" for product "Puppet" and version "2.6.1" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.2 Search vendor "Puppet" for product "Puppet" and version "2.6.2" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.3 Search vendor "Puppet" for product "Puppet" and version "2.6.3" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.4 Search vendor "Puppet" for product "Puppet" and version "2.6.4" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.5 Search vendor "Puppet" for product "Puppet" and version "2.6.5" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.6 Search vendor "Puppet" for product "Puppet" and version "2.6.6" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.7 Search vendor "Puppet" for product "Puppet" and version "2.6.7" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.8 Search vendor "Puppet" for product "Puppet" and version "2.6.8" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.9 Search vendor "Puppet" for product "Puppet" and version "2.6.9" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.10 Search vendor "Puppet" for product "Puppet" and version "2.6.10" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.11 Search vendor "Puppet" for product "Puppet" and version "2.6.11" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.12 Search vendor "Puppet" for product "Puppet" and version "2.6.12" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.13 Search vendor "Puppet" for product "Puppet" and version "2.6.13" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.14 Search vendor "Puppet" for product "Puppet" and version "2.6.14" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.15 Search vendor "Puppet" for product "Puppet" and version "2.6.15" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.16 Search vendor "Puppet" for product "Puppet" and version "2.6.16" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.6.17 Search vendor "Puppetlabs" for product "Puppet" and version "2.6.17" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 1.2.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "1.2.0" | - |
Affected
| ||||||