CVE-2013-1654

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.

Published: Mar 20, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1654
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
puppetlabs / puppet	2.7.0	2.7.0.x
puppetlabs / puppet	2.7.1	2.7.1.x
puppetlabs / puppet	2.7.20-rc1	2.7.20-rc1.x
puppetlabs / puppet	2.7.19	2.7.19.x
puppetlabs / puppet	2.7.20	2.7.20.x
puppet / puppet	2.7.2	2.7.2.x
puppet / puppet	2.7.3	2.7.3.x
puppet / puppet	2.7.4	2.7.4.x
puppet / puppet	2.7.5	2.7.5.x
puppet / puppet	2.7.6	2.7.6.x
puppet / puppet	2.7.7	2.7.7.x
puppet / puppet	2.7.8	2.7.8.x
puppet / puppet	2.7.9	2.7.9.x
puppet / puppet	2.7.10	2.7.10.x
puppet / puppet	2.7.11	2.7.11.x
puppet / puppet	2.7.12	2.7.12.x
puppet / puppet	2.7.13	2.7.13.x
puppet / puppet	2.7.14	2.7.14.x
puppet / puppet	2.7.16	2.7.16.x
puppet / puppet	2.7.17	2.7.17.x
puppet / puppet	2.7.18	2.7.18.x
puppet / puppet_enterprise	3.1.0	3.1.0.x
canonical / ubuntu_linux	11.10	11.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x

Vulnerability Database

289,599

CVE-2013-1654