7.1
CVE-2013-1653
- EPSS 1.55%
- Published 20.03.2013 16:55:01
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
Data is provided by the National Vulnerability Database (NVD)
Puppetlabs ≫ Puppet Version2.7.0
Puppetlabs ≫ Puppet Version2.7.1
Puppetlabs ≫ Puppet Version2.7.19
Puppetlabs ≫ Puppet Version2.7.20
Puppetlabs ≫ Puppet Version2.7.20 Updaterc1
Puppet ≫ Puppet Enterprise Version3.1.0
Puppetlabs ≫ Puppet Version1.0 SwEditionenterprise
Puppetlabs ≫ Puppet Version1.1 SwEditionenterprise
Puppetlabs ≫ Puppet Version1.2.0 SwEditionenterprise
Puppetlabs ≫ Puppet Version1.2.1 SwEditionenterprise
Puppetlabs ≫ Puppet Version1.2.2 SwEditionenterprise
Puppetlabs ≫ Puppet Version1.2.3 SwEditionenterprise
Puppetlabs ≫ Puppet Version1.2.4 SwEditionenterprise
Puppetlabs ≫ Puppet Version1.2.5 SwEditionenterprise
Puppetlabs ≫ Puppet Version1.2.6 SwEditionenterprise
Puppet ≫ Puppet Enterprise Version2.7.0
Puppet ≫ Puppet Enterprise Version2.7.1
Canonical ≫ Ubuntu Linux Version11.10
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version12.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.55% | 0.806 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 3.9 | 10 |
AV:N/AC:H/Au:S/C:C/I:C/A:C
|