Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.6
CVSSv2

CVE-2013-4956

Published: 20/08/2013 Updated: 10/07/2019
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Puppet Module Tool (PMT), as used in Puppet 2.7.x prior to 2.7.23 and 3.2.x prior to 3.2.4, and Puppet Enterprise 2.8.x prior to 2.8.3 and 3.0.x prior to 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

puppet puppet enterprise 3.0.0

puppet puppet 2.7.10

puppet puppet 2.7.18

puppet puppet 2.7.21

puppet puppet 2.7.9

puppet puppet 2.7.2

puppet puppet enterprise 2.8.0

puppet puppet 2.7.13

puppet puppet 2.7.14

puppet puppet 2.7.4

puppet puppet 2.7.5

puppet puppet 2.7.6

puppetlabs puppet 3.2.0

puppet puppet 3.2.1

puppet puppet 2.7.11

puppet puppet 2.7.12

puppet puppet 2.7.22

puppet puppet 2.7.3

puppetlabs puppet 2.7.1

puppetlabs puppet 2.7.0

puppet puppet enterprise 2.8.1

puppet puppet enterprise 2.8.2

puppet puppet 2.7.16

puppet puppet 2.7.17

puppet puppet 2.7.7

puppet puppet 2.7.8

puppet puppet 3.2.2

puppet puppet 3.2.3

Vendor Advisories

Red Hat: Moderate: puppet security update
Synopsis Moderate: puppet security update Type/Severity Security Advisory: Moderate Topic Updated puppet packages that fix several security issues are now availablefor Red Hat OpenStack 30The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability Scori ...
Red Hat: Critical: ruby193-puppet security update
Synopsis Critical: ruby193-puppet security update Type/Severity Security Advisory: Critical Topic Updated ruby193-puppet packages that fix three security issues are nowavailable for Red Hat OpenStack 30The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common Vulne ...
Ubuntu Security Notice: puppet vulnerabilities
Several security issues were fixed in Puppet ...
Debian Security Advisories: DSA-2761-1 puppet -- several vulnerabilities
Several vulnerabilities were discovered in puppet, a centralized configuration management system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4761 The resource_type service (disabled by default) could be used to make puppet load arbitrary Ruby code from puppet master's file system CVE-2 ...
Amazon Linux AMI: ALAS-2013-219
Unspecified vulnerability in Puppet 27x before 2723 and 32x before 324, and Puppet Enterprise 28x before 283 and 30x before 301, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to ...
Red Hat: CVE-2013-4956
Puppet Module Tool (PMT), as used in Puppet 27x before 2723 and 32x before 324, and Puppet Enterprise 28x before 283 and 30x before 301, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original ...

References

CWE-264http://puppetlabs.com/security/cve/cve-2013-4956/http://www.debian.org/security/2013/dsa-2761http://rhn.redhat.com/errata/RHSA-2013-1284.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1283.htmlhttps://access.redhat.com/errata/RHSA-2013:1283https://usn.ubuntu.com/1928-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2013-4956
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypassopen redirectCVE-2024-4358CVE-2024-24199CVE-2024-5550CVE-2024-5305CVE-2024-30373CVE-2024-1800deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook