CVE-2013-4761

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

Published: Aug 21, 2013
Updated: May 9, 2024
CVE: CVE-2013-4761
GHSA: GHSA-cj43-9h3w-v976
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
puppetlabs / puppet	3.2.0	3.2.0.x
puppet / puppet	3.2.1	3.2.1.x
puppet / puppet	3.2.2	3.2.2.x
puppet / puppet	3.2.3	3.2.3.x
puppetlabs / puppet	2.7.0	2.7.0.x
puppetlabs / puppet	2.7.1	2.7.1.x
puppet / puppet	2.7.2	2.7.2.x
puppet / puppet_enterprise	3.0.0	3.0.0.x
puppet / puppet_enterprise	2.8.1	2.8.1.x
puppet / puppet_enterprise	2.8.2	2.8.2.x
puppet / puppet_enterprise	2.8.0	2.8.0.x
puppet	2.7.0	2.7.23
puppet	3.2.0	3.2.4

Vulnerability Database

289,599

CVE-2013-4761