Showing 1 - 3 of 3

CVE-2013-2274

Status Candidate

Overview

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

Related Files

Gentoo Linux Security Advisory 2013-08-04: Posted Aug 23, 2013; Site security.gentoo.org; Gentoo Linux Security Advisory 2013-08-04 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.23 are affected.; tags | advisory, arbitrary, vulnerability; advisories | CVE-2012-6120, CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2274, CVE-2013-2275, CVE-2013-3567, CVE-2013-4761, CVE-2013-4956; SHA-256 | 0540da72c54f57cbe5a156cdb95056d98fa489beca31a869e539fa0bb49ca073; Download | Favorite | View

Red Hat Security Advisory 2013-0710-01: Posted Apr 5, 2013; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2013-0710-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in how Puppet handled certain HTTP PUT requests. An attacker with valid authentication credentials, and authorized to save to the authenticated client's own report, could construct a malicious request that could possibly cause the Puppet master to execute arbitrary code. A flaw was found in how Puppet handled the "template" and "inline_template" functions during catalog compilation. If an authenticated attacker were to requests its catalog from the Puppet master, it could possibly result in arbitrary code execution when the catalog is compiled.; tags | advisory, web, arbitrary, code execution; systems | linux, redhat; advisories | CVE-2012-6120, CVE-2013-1640, CVE-2013-1652, CVE-2013-1654, CVE-2013-2274, CVE-2013-2275; SHA-256 | 287e00cc1e326aec1722ac557fce76b5e0388b5683cb3624788e846953353c44; Download | Favorite | View

Debian Security Advisory 2643-1: Posted Mar 13, 2013; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2643-1 - Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2274, CVE-2013-2275; SHA-256 | 626b2c43b3fc60e5818364c42a1dce9ed4a162377a90fdd4f2f3cc47cac16b60; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2013-2274

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems