CVE-2013-1652

Published: Mar 20, 2013Modified: Apr 29, 2026

4.9

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:N

Exploitability: 6.8 / Impact: 4.9

Source: NVD

Description

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.

Affected (29)

Products: Puppetlabs: Puppet · Puppet: Puppet, Puppet Enterprise · Canonical: Ubuntu Linux

1 product

2 products

Puppet Enterprise

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Puppetlabs Puppet	Up to 2.6.17

Configuration B

21 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet	Version 2.7.10
Puppet Puppet	Version 2.7.11
Puppet Puppet	Version 2.7.12
Puppet Puppet	Version 2.7.13
Puppet Puppet	Version 2.7.14
Puppet Puppet	Version 2.7.16
Puppet Puppet	Version 2.7.17
Puppet Puppet	Version 2.7.18
Puppet Puppet	Version 2.7.2
Puppet Puppet	Version 2.7.3
Puppet Puppet	Version 2.7.4
Puppet Puppet	Version 2.7.5
Puppet Puppet	Version 2.7.6
Puppet Puppet	Version 2.7.7
Puppet Puppet	Version 2.7.8
Puppet Puppet	Version 2.7.9
Puppetlabs Puppet	Version 2.7.0
Puppetlabs Puppet	Version 2.7.19
Puppetlabs Puppet	Version 2.7.1
Puppetlabs Puppet	Version 2.7.20
Puppetlabs Puppet	Version 2.7.20 rc1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet Enterprise	Version 3.1.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Puppetlabs Puppet	Up to 1.2.6

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet Enterprise	Version 2.7.0
Puppet Puppet Enterprise	Version 2.7.1

Configuration F

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 11.10
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10

Related CWEs

References (16)

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0710.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/52596

Source: cve@mitre.org

Third Party AdvisoryVendor Advisory

http://ubuntu.com/usn/usn-1759-1

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2013/dsa-2643

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/58443

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://puppetlabs.com/security/cve/cve-2013-1652/

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0710.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/52596

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVendor Advisory

http://ubuntu.com/usn/usn-1759-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2013/dsa-2643

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/58443

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://puppetlabs.com/security/cve/cve-2013-1652/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.