Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2013-2274

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

  • Published: Mar 20, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-2274
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
puppetlabs / puppet 2.6.17 2.6.17.x
puppet / puppet 2.6.0 2.6.0.x
puppet / puppet 2.6.1 2.6.1.x
puppet / puppet 2.6.2 2.6.2.x
puppet / puppet 2.6.3 2.6.3.x
puppet / puppet 2.6.4 2.6.4.x
puppet / puppet 2.6.5 2.6.5.x
puppet / puppet 2.6.6 2.6.6.x
puppet / puppet 2.6.7 2.6.7.x
puppet / puppet 2.6.8 2.6.8.x
puppet / puppet 2.6.9 2.6.9.x
puppet / puppet 2.6.10 2.6.10.x
puppet / puppet 2.6.11 2.6.11.x
puppet / puppet 2.6.12 2.6.12.x
puppet / puppet 2.6.13 2.6.13.x
puppet / puppet 2.6.14 2.6.14.x
puppet / puppet 2.6.15 2.6.15.x
puppet / puppet 2.6.16 2.6.16.x
puppet / puppet_enterprise 1.2.0 1.2.0.x