Vulnerability-Lookup

CVE-2013-4761 (GCVE-0-2013-4761)

Vulnerability from cvelistv5 – Published: 2013-08-20 22:00 – Updated: 2024-08-06 16:52

Summary

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-CJ43-9H3W-V976

Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2022-10-04 21:44

Summary

Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "puppet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "puppet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "3.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-4761"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:31:52Z",
    "nvd_published_at": "2013-08-20T22:55:04Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.",
  "id": "GHSA-cj43-9h3w-v976",
  "modified": "2022-10-04T21:44:45Z",
  "published": "2017-10-24T18:33:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4761"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/puppetlabs/puppet"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml"
    },
    {
      "type": "WEB",
      "url": "https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://puppetlabs.com/security/cve/cve-2013-4761"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2013/dsa-2761"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service"
}

FKIE_CVE-2013-4761

Vulnerability from fkie_nvd - Published: 2013-08-20 22:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
cve@mitre.org	http://puppetlabs.com/security/cve/cve-2013-4761/	Vendor Advisory
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2013-1283.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2013-1284.html
cve@mitre.org	http://www.debian.org/security/2013/dsa-2761
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
af854a3a-2127-422b-91ae-364da2661108	http://puppetlabs.com/security/cve/cve-2013-4761/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-1283.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-1284.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2761

Impacted products

Vendor	Product	Version
puppet	puppet	3.2.1
puppet	puppet	3.2.2
puppet	puppet	3.2.3
puppetlabs	puppet	3.2.0
puppet	puppet	2.7.2
puppetlabs	puppet	2.7.0
puppetlabs	puppet	2.7.1
puppet	puppet_enterprise	2.8.0
puppet	puppet_enterprise	2.8.1
puppet	puppet_enterprise	2.8.2
puppet	puppet_enterprise	3.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:puppet:puppet:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "867A327E-421F-46A9-877C-8A2911971E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:puppet:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "75BA8116-F64D-4CB2-A4DE-B21864962029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:puppet:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F1986C-D984-4B90-A790-5D247902AB8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppetlabs:puppet:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12419C96-61A4-46B3-B8DA-FE3B8E7ACAEF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE56BA6B-BDC4-431E-81FD-D7ED5E8783E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5192CB-094F-469E-A644-2255C4F44804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D17D2752-CB0D-4CC8-8604-FEBF8DEE16E0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C43CD3C-ACDB-418B-B67D-9C8EFAC0680C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8F80AD-1E8E-40BE-883D-6F7F61D4A274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C6E27BB-6444-49E2-8B89-D7E09284D29C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puppet:puppet_enterprise:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0A2F50-A73B-4598-BE73-1DDA1084352A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar  en Puppet 2.7.x anterior a  2.7.23 y 3.2.x anterior a  3.2.4, y  Puppet Enterprise 2.8.x anterior a  2.8.3 y  3.0.x anterior a  3.0.1, permite a atacantes remotos ejecutar programas Ruby arbitrariamente desde el master a trav\u00e9s del servicio resource_type. NOTA: esta vulnerabilidad \u00fanicamente puede ser explotada utilizando un \"acceso local al sistema de ficheros no especificado\" al Puppet Master."
    }
  ],
  "id": "CVE-2013-4761",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-20T22:55:04.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://puppetlabs.com/security/cve/cve-2013-4761/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://puppetlabs.com/security/cve/cve-2013-4761/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2761"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2013-4761

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-4761

Aliases

CVE-2013-4761

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-4761",
    "description": "Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.",
    "id": "GSD-2013-4761",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-4761.html",
      "https://www.debian.org/security/2013/dsa-2761",
      "https://access.redhat.com/errata/RHSA-2013:1284",
      "https://access.redhat.com/errata/RHSA-2013:1283",
      "https://advisories.mageia.org/CVE-2013-4761.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2013-4761.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-4761"
      ],
      "details": "Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.",
      "id": "GSD-2013-4761",
      "modified": "2023-12-13T01:22:16.489673Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-4761",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-2761",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2013/dsa-2761"
          },
          {
            "name": "SUSE-SU-2014:0155",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html"
          },
          {
            "name": "http://puppetlabs.com/security/cve/cve-2013-4761/",
            "refsource": "CONFIRM",
            "url": "http://puppetlabs.com/security/cve/cve-2013-4761/"
          },
          {
            "name": "RHSA-2013:1284",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
          },
          {
            "name": "RHSA-2013:1283",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=2.7.0 \u003c2.7.23||\u003e3.2.0 \u003c3.2.4",
          "affected_versions": "All versions starting from 2.7.0 before 2.7.23, all versions after 3.2.0 before 3.2.4",
          "cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2021-12-02",
          "description": "Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.",
          "fixed_versions": [
            "2.7.23",
            "3.2.4"
          ],
          "identifier": "CVE-2013-4761",
          "identifiers": [
            "GHSA-cj43-9h3w-v976",
            "CVE-2013-4761"
          ],
          "not_impacted": "All versions before 2.7.0, all versions starting from 2.7.23 up to 3.2.0, all versions starting from 3.2.4",
          "package_slug": "gem/puppet",
          "pubdate": "2017-10-24",
          "solution": "Upgrade to versions 2.7.23, 3.2.4 or above.",
          "title": "Moderate severity vulnerability that affects puppet",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2013-4761",
            "https://github.com/advisories/GHSA-cj43-9h3w-v976",
            "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html",
            "http://puppetlabs.com/security/cve/cve-2013-4761/",
            "http://rhn.redhat.com/errata/RHSA-2013-1283.html",
            "http://rhn.redhat.com/errata/RHSA-2013-1284.html",
            "http://www.debian.org/security/2013/dsa-2761"
          ],
          "uuid": "0f926eec-1f5b-4560-912d-6467ba3608fe"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:puppetlabs:puppet:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4761"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://puppetlabs.com/security/cve/cve-2013-4761/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://puppetlabs.com/security/cve/cve-2013-4761/"
            },
            {
              "name": "DSA-2761",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2013/dsa-2761"
            },
            {
              "name": "RHSA-2013:1284",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html"
            },
            {
              "name": "RHSA-2013:1283",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html"
            },
            {
              "name": "SUSE-SU-2014:0155",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-07-10T18:10Z",
      "publishedDate": "2013-08-20T22:55Z"
    }
  }
}

CERTA-2013-AVI-482

Vulnerability from certfr_avis - Published: 2013-08-19 - Updated: 2013-08-19

De multiples vulnérabilités ont été corrigées dans Puppet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	versions antérieures à Puppet Enterprise 2.8.3
N/A	N/A	versions antérieures à Puppet 3.2.4
N/A	N/A	versions antérieures à Puppet 2.7.23
N/A	N/A	Versions antérieures à Puppet Enterprise 3.0.1

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-4761 (GCVE-0-2013-4761)

GHSA-CJ43-9H3W-V976

FKIE_CVE-2013-4761

GSD-2013-4761

CERTA-2013-AVI-482

Solution

Tags

Sightings

Nomenclature