← Back

CVE-2013-4761

nvd nist
Published: Aug 20, 2013Modified: Apr 29, 2026

JSON object

Loading...
5.1
Vector
AV:N/AC:H/Au:N/C:P/I:P/A:P
Exploitability: 4.9 / Impact: 6.4
Source: NVD

Description

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

Affected (11)

Puppet
2 products
Puppet
Puppet Enterprise
Puppetlabs
1 product
Puppet
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Puppet
Puppet
Version 3.2.1
Puppet
Version 3.2.2
Puppet
Version 3.2.3
Puppet
Version 3.2.0
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Puppet
Version 2.7.2
Puppetlabs
Puppet
Version 2.7.0
Puppet
Version 2.7.1
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Puppet
Puppet Enterprise
Version 2.8.0
Puppet Enterprise
Version 2.8.1
Puppet Enterprise
Version 2.8.2
Puppet Enterprise
Version 3.0.0

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.