6.5
CVE-2013-2274
- EPSS 2.91%
- Veröffentlicht 20.03.2013 16:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Puppetlabs ≫ Puppet Version2.6.17
Puppet ≫ Puppet Enterprise Version1.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.91% | 0.852 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
http://rhn.redhat.com/errata/RHSA-2013-0710.html
http://secunia.com/advisories/52596
http://www.debian.org/security/2013/dsa-2643
http://www.securityfocus.com/bid/58447
https://puppetlabs.com/security/cve/cve-2013-2274/