CVE-2013-1653
7.1
Vector
AV:N/AC:H/Au:S/C:C/I:C/A:C
Exploitability: 3.9 / Impact: 10.0
Source: NVD
Description
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
Affected (37)
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.7.10 | |
| Version 2.7.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.1.0 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.7.0 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.10 |
References (14)
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.