Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-3567

Опубликовано: 19 авг. 2013
Источник: nvd
CVSS2: 7.5
EPSS Средний

Описание

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.21:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:3.2.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:novell:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp2:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2:*:*:*:vmware:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*
Конфигурация 4

Одно из

cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
Версия до 2.8.1 (включая)
cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:1.0.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:1.1.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:1.2.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.6.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.2:-:enterprise:*:*:*:*:*

EPSS

Процентиль: 93%
0.11139
Средний

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2013-3567

ubuntu
больше 12 лет назад

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

redhat логотип

CVE-2013-3567

redhat
больше 12 лет назад

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

debian логотип

CVE-2013-3567

debian
больше 12 лет назад

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterpri ...

github логотип

GHSA-f7p5-w2cr-7cp7

github
больше 8 лет назад

Puppet Improper Input Validation vulnerability

suse-cvrf логотип

SUSE-RU-2015:0696-1

suse-cvrf
больше 11 лет назад

Security update for puppet

EPSS

Процентиль: 93%
0.11139
Средний

7.5 High

CVSS2

Дефекты

CWE-20