Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4967

Опубликовано: 20 авг. 2013
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
Версия до 3.0.0 (включая)
cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*

EPSS

Процентиль: 48%
0.0025
Низкий

5 Medium

CVSS2

Дефекты

CWE-255

Связанные уязвимости

ubuntu логотип

CVE-2013-4967

ubuntu
больше 12 лет назад

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.

debian логотип

CVE-2013-4967

debian
больше 12 лет назад

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the d ...

github логотип

GHSA-6fpw-3pwr-rq86

github
больше 3 лет назад

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.

EPSS

Процентиль: 48%
0.0025
Низкий

5 Medium

CVSS2

Дефекты

CWE-255