CVE-2013-4761

Published: 20/08/2013 Updated: 10/07/2019
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Unspecified vulnerability in Puppet 2.7.x prior to 2.7.23 and 3.2.x prior to 3.2.4, and Puppet Enterprise 2.8.x prior to 2.8.3 and 3.0.x prior to 3.0.1, allows remote malicious users to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

Vulnerable Product

puppetlabs puppet 3.2.0

puppet puppet 3.2.1

puppet puppet 3.2.2

puppet puppet 3.2.3

puppet puppet 2.7.2

puppetlabs puppet 2.7.1

puppetlabs puppet 2.7.0

puppet puppet enterprise 3.0.0

puppet puppet enterprise 2.8.2

puppet puppet enterprise 2.8.0

puppet puppet enterprise 2.8.1

Vendor Advisories

Synopsis: Moderate: puppet security update. Type/Severity: Security Advisory: Moderate. Topic: Updated puppet packages that fix several security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scori ...
Synopsis: Critical: ruby193-puppet security update. Type/Severity: Security Advisory: Critical. Topic: Updated ruby193-puppet packages that fix three security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulne ...
Several security issues were fixed in Puppet ...
Several vulnerabilities were discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4761: The resource_type service (disabled by default) could be used to make puppet load arbitrary Ruby code from puppet master's file system. CVE-2 ...
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to ...