CVE-2013-4761
Puppet: resource_type service code execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
Vulnerabilidad sin especificar en Puppet 2.7.x anterior a 2.7.23 y 3.2.x anterior a 3.2.4, y Puppet Enterprise 2.8.x anterior a 2.8.3 y 3.0.x anterior a 3.0.1, permite a atacantes remotos ejecutar programas Ruby arbitrariamente desde el master a travĂ©s del servicio resource_type. NOTA: esta vulnerabilidad Ășnicamente puede ser explotada utilizando un "acceso local al sistema de ficheros no especificado" al Puppet Master.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-07-05 CVE Reserved
- 2013-08-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html | 2019-07-10 | |
http://puppetlabs.com/security/cve/cve-2013-4761 | 2019-07-10 | |
http://rhn.redhat.com/errata/RHSA-2013-1283.html | 2019-07-10 | |
http://rhn.redhat.com/errata/RHSA-2013-1284.html | 2019-07-10 | |
http://www.debian.org/security/2013/dsa-2761 | 2019-07-10 | |
https://access.redhat.com/security/cve/CVE-2013-4761 | 2013-09-24 | |
https://bugzilla.redhat.com/show_bug.cgi?id=996856 | 2013-09-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 3.2.1 Search vendor "Puppet" for product "Puppet" and version "3.2.1" | - |
Affected
| ||||||
Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 3.2.2 Search vendor "Puppet" for product "Puppet" and version "3.2.2" | - |
Affected
| ||||||
Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 3.2.3 Search vendor "Puppet" for product "Puppet" and version "3.2.3" | - |
Affected
| ||||||
Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 3.2.0 Search vendor "Puppetlabs" for product "Puppet" and version "3.2.0" | - |
Affected
| ||||||
Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.2 Search vendor "Puppet" for product "Puppet" and version "2.7.2" | - |
Affected
| ||||||
Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.0 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.0" | - |
Affected
| ||||||
Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.1 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.1" | - |
Affected
| ||||||
Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 2.8.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.8.0" | - |
Affected
| ||||||
Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 2.8.1 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.8.1" | - |
Affected
| ||||||
Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 2.8.2 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.8.2" | - |
Affected
| ||||||
Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 3.0.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "3.0.0" | - |
Affected
|