5.1

CVE-2013-4761

EPSS 0.62%
Veröffentlicht 20.08.2013 22:55:04
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Puppet ≫ Puppet Version3.2.1

Puppet ≫ Puppet Version3.2.2

Puppet ≫ Puppet Version3.2.3

Puppetlabs ≫ Puppet Version3.2.0

Puppet ≫ Puppet Version2.7.2

Puppetlabs ≫ Puppet Version2.7.0

Puppetlabs ≫ Puppet Version2.7.1

Puppet ≫ Puppet Enterprise Version2.8.0

Puppet ≫ Puppet Enterprise Version2.8.1

Puppet ≫ Puppet Enterprise Version2.8.2

Puppet ≫ Puppet Enterprise Version3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.62%	0.69

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://rhn.redhat.com/errata/RHSA-2013-1283.html

http://rhn.redhat.com/errata/RHSA-2013-1284.html

http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html

http://puppetlabs.com/security/cve/cve-2013-4761/

Vendor Advisory

http://www.debian.org/security/2013/dsa-2761

https://nvd.nist.gov/vuln/detail/CVE-2013-4761

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4761

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4761

EUVD