← Back

CVE-2013-3567

nvd nist
Published: Aug 19, 2013Modified: Apr 29, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

Affected (41)

Show all products
Puppet: Puppet, Puppet Enterprise · Puppetlabs: Puppet · Canonical: Ubuntu Linux · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server
Puppet
2 products
Puppet
Puppet Enterprise
Puppetlabs
1 product
Puppet
Canonical
1 product
Ubuntu Linux
Novell
2 products
Suse Linux Enterprise Desktop
Suse Linux Enterprise Server
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Puppet
Puppet
Version 2.7.10
Puppet
Version 2.7.11
Puppet
Version 2.7.12
Puppet
Version 2.7.13
Puppet
Version 2.7.14
Puppet
Version 2.7.16
Puppet
Version 2.7.17
Puppet
Version 2.7.18
Puppet
Version 2.7.21
Puppet
Version 2.7.2
Puppet
Version 3.2.1
Puppetlabs
Puppet
Version 2.7.0
Puppet
Version 2.7.19
Puppet
Version 2.7.1
Puppet
Version 2.7.20
Puppet
Version 2.7.20 rc1
Puppet
Version 3.2.0
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 12.10
Ubuntu Linux
Version 13.04
Configuration C
5 vulnerable
Vulnerable SoftwareAffected Versions
Novell
Suse Linux Enterprise Desktop
Version 11.0 sp2
Suse Linux Enterprise Desktop
Version 11 sp3
Novell
Suse Linux Enterprise Server
Version 11.0 sp2
Suse Linux Enterprise Server
Version 11.0 sp3
Suse Linux Enterprise Server
Version 11.0 sp3
Configuration D
16 vulnerable
Vulnerable SoftwareAffected Versions
Puppet
Puppet Enterprise
Up to 2.8.1
Puppet Enterprise
Version 1.0
Puppet Enterprise
Version 1.1
Puppet Enterprise
Version 1.2.0
Puppet Enterprise
Version 2.0.0
Puppet Enterprise
Version 2.5.1
Puppet Enterprise
Version 2.5.2
Puppet Enterprise
Version 2.8.0
Puppetlabs
Puppet
Version 1.0.0
Puppet
Version 1.1.0
Puppet
Version 1.2.0
Puppet
Version 2.5.0
Puppet
Version 2.6.0
Puppet
Version 2.7.0
Puppet
Version 2.7.1
Puppet
Version 2.7.2

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.