CVE-2013-1652

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.

Published: Mar 20, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1652
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
puppetlabs / puppet	-	2.6.17.x
puppetlabs / puppet	2.7.0	2.7.0.x
puppetlabs / puppet	2.7.1	2.7.1.x
puppetlabs / puppet	2.7.20-rc1	2.7.20-rc1.x
puppetlabs / puppet	2.7.19	2.7.19.x
puppetlabs / puppet	2.7.20	2.7.20.x
puppet / puppet	2.7.2	2.7.2.x
puppet / puppet	2.7.3	2.7.3.x
puppet / puppet	2.7.4	2.7.4.x
puppet / puppet	2.7.5	2.7.5.x
puppet / puppet	2.7.6	2.7.6.x
puppet / puppet	2.7.7	2.7.7.x
puppet / puppet	2.7.8	2.7.8.x
puppet / puppet	2.7.9	2.7.9.x
puppet / puppet	2.7.10	2.7.10.x
puppet / puppet	2.7.11	2.7.11.x
puppet / puppet	2.7.12	2.7.12.x
puppet / puppet	2.7.13	2.7.13.x
puppet / puppet	2.7.14	2.7.14.x
puppet / puppet	2.7.16	2.7.16.x
puppet / puppet	2.7.17	2.7.17.x
puppet / puppet	2.7.18	2.7.18.x
puppet / puppet_enterprise	3.1.0	3.1.0.x
puppetlabs / puppet	-	1.2.6.x
puppet / puppet_enterprise	2.7.0	2.7.0.x
puppet / puppet_enterprise	2.7.1	2.7.1.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	11.10	11.10.x
canonical / ubuntu_linux	12.10	12.10.x

Vulnerability Database

289,697

CVE-2013-1652