CVE-2013-2275

Published: Mar 20, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

Affected (46)

Products: Puppet: Puppet, Puppet Enterprise · Puppetlabs: Puppet · Canonical: Ubuntu Linux

2 products

Puppet Enterprise

1 product

1 product

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet	Version 2.6.0
Puppet Puppet	Version 2.6.10
Puppet Puppet	Version 2.6.11
Puppet Puppet	Version 2.6.12
Puppet Puppet	Version 2.6.13
Puppet Puppet	Version 2.6.14
Puppet Puppet	Version 2.6.15
Puppet Puppet	Version 2.6.16
Puppet Puppet	Version 2.6.1
Puppet Puppet	Version 2.6.2
Puppet Puppet	Version 2.6.3
Puppet Puppet	Version 2.6.4
Puppet Puppet	Version 2.6.5
Puppet Puppet	Version 2.6.6
Puppet Puppet	Version 2.6.7
Puppet Puppet	Version 2.6.8
Puppet Puppet	Version 2.6.9
Puppetlabs Puppet	Up to 2.6.17

Configuration B

21 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet	Version 2.7.10
Puppet Puppet	Version 2.7.11
Puppet Puppet	Version 2.7.12
Puppet Puppet	Version 2.7.13
Puppet Puppet	Version 2.7.14
Puppet Puppet	Version 2.7.16
Puppet Puppet	Version 2.7.17
Puppet Puppet	Version 2.7.18
Puppet Puppet	Version 2.7.2
Puppet Puppet	Version 2.7.3
Puppet Puppet	Version 2.7.4
Puppet Puppet	Version 2.7.5
Puppet Puppet	Version 2.7.6
Puppet Puppet	Version 2.7.7
Puppet Puppet	Version 2.7.8
Puppet Puppet	Version 2.7.9
Puppetlabs Puppet	Version 2.7.0
Puppetlabs Puppet	Version 2.7.19
Puppetlabs Puppet	Version 2.7.1
Puppetlabs Puppet	Version 2.7.20
Puppetlabs Puppet	Version 2.7.20 rc1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet Enterprise	Version 3.1.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Puppetlabs Puppet	Up to 1.2.6

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet Enterprise	Version 2.7.0
Puppet Puppet Enterprise	Version 2.7.1

Configuration F

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 11.10
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10

References (16)

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0710.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/52596

Source: cve@mitre.org

Third Party Advisory

http://ubuntu.com/usn/usn-1759-1

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2013/dsa-2643

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/58449

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://puppetlabs.com/security/cve/cve-2013-2275/

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0710.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/52596

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://ubuntu.com/usn/usn-1759-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2013/dsa-2643

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/58449

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://puppetlabs.com/security/cve/cve-2013-2275/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.