CVE-2013-3567

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

Published: Aug 20, 2013
Updated: May 9, 2024
CVE: CVE-2013-3567
GHSA: GHSA-f7p5-w2cr-7cp7
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
puppetlabs / puppet	2.7.0	2.7.0.x
puppetlabs / puppet	3.2.0	3.2.0.x
puppetlabs / puppet	2.7.1	2.7.1.x
puppetlabs / puppet	2.7.20-rc1	2.7.20-rc1.x
puppetlabs / puppet	2.7.19	2.7.19.x
puppetlabs / puppet	2.7.20	2.7.20.x
puppet / puppet	2.7.2	2.7.2.x
puppet / puppet	2.7.10	2.7.10.x
puppet / puppet	2.7.11	2.7.11.x
puppet / puppet	2.7.12	2.7.12.x
puppet / puppet	2.7.13	2.7.13.x
puppet / puppet	2.7.14	2.7.14.x
puppet / puppet	2.7.16	2.7.16.x
puppet / puppet	2.7.17	2.7.17.x
puppet / puppet	2.7.18	2.7.18.x
puppet / puppet	2.7.21	2.7.21.x
puppet / puppet	3.2.1	3.2.1.x
canonical / ubuntu_linux	13.04	13.04.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
novell / suse_linux_enterprise_server	11.0-sp2	11.0-sp2.x
novell / suse_linux_enterprise_desktop	11.0-sp2	11.0-sp2.x
novell / suse_linux_enterprise_desktop	11-sp3	11-sp3.x
novell / suse_linux_enterprise_server	11.0-sp3	11.0-sp3.x
puppetlabs / puppet	2.5.0	2.5.0.x
puppetlabs / puppet	1.2.0	1.2.0.x
puppetlabs / puppet	2.6.0	2.6.0.x
puppetlabs / puppet	1.0.0	1.0.0.x
puppetlabs / puppet	2.7.2	2.7.2.x
puppetlabs / puppet	1.1.0	1.1.0.x
puppet / puppet_enterprise	1.0	1.0.x
puppet / puppet_enterprise	1.1	1.1.x
puppet / puppet_enterprise	1.2.0	1.2.0.x
puppet / puppet_enterprise	2.0.0	2.0.0.x
puppet / puppet_enterprise	2.5.1	2.5.1.x
puppet / puppet_enterprise	2.5.2	2.5.2.x
puppet / puppet_enterprise	-	2.8.1.x
puppet / puppet_enterprise	2.8.0	2.8.0.x
puppet	2.7.0	2.7.22
puppet	3.2.0	3.2.2

Vulnerability Database

289,599

CVE-2013-3567