CVE-2013-1398

Published: Mar 14, 2014Modified: May 6, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.

Affected (6)

Products: Puppet: Puppet Enterprise · Puppetlabs: Puppet

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet Enterprise	Up to 2.7.0
Puppet Puppet Enterprise	Version 2.0.0
Puppet Puppet Enterprise	Version 2.5.1
Puppet Puppet Enterprise	Version 2.5.2
Puppetlabs Puppet	Version 2.5.0
Puppetlabs Puppet	Version 2.6.0

Related CWEs

CWE-310

References (2)

http://puppetlabs.com/security/cve/cve-2013-1398

Source: cve@mitre.org

Vendor Advisory

http://puppetlabs.com/security/cve/cve-2013-1398

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.