6.5

CVE-2013-2274

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PuppetPuppet Version2.6.0
PuppetPuppet Version2.6.1
PuppetPuppet Version2.6.2
PuppetPuppet Version2.6.3
PuppetPuppet Version2.6.4
PuppetPuppet Version2.6.5
PuppetPuppet Version2.6.6
PuppetPuppet Version2.6.7
PuppetPuppet Version2.6.8
PuppetPuppet Version2.6.9
PuppetPuppet Version2.6.10
PuppetPuppet Version2.6.11
PuppetPuppet Version2.6.12
PuppetPuppet Version2.6.13
PuppetPuppet Version2.6.14
PuppetPuppet Version2.6.15
PuppetPuppet Version2.6.16
PuppetlabsPuppet Version2.6.17
PuppetPuppet Enterprise Version1.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.91% 0.852
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
http://rhn.redhat.com/errata/RHSA-2013-0710.html
http://secunia.com/advisories/52596
Vendor Advisory
http://www.debian.org/security/2013/dsa-2643
http://www.securityfocus.com/bid/58447
https://puppetlabs.com/security/cve/cve-2013-2274/
Vendor Advisory