Vulnerability Details CVE-2013-1655
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
- http://secunia.com/advisories/52596
- http://ubuntu.com/usn/usn-1759-1
- http://www.debian.org/security/2013/dsa-2643
- http://www.securityfocus.com/bid/58442
- https://puppetlabs.com/security/cve/cve-2013-1655/
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
- http://secunia.com/advisories/52596
- http://ubuntu.com/usn/usn-1759-1
- http://www.debian.org/security/2013/dsa-2643
- http://www.securityfocus.com/bid/58442
- https://puppetlabs.com/security/cve/cve-2013-1655/
Products affected by CVE-2013-1655
-
cpe:2.3:a:puppet:puppet:2.7.10
-
cpe:2.3:a:puppet:puppet:2.7.11
-
cpe:2.3:a:puppet:puppet:2.7.12
-
cpe:2.3:a:puppet:puppet:2.7.13
-
cpe:2.3:a:puppet:puppet:2.7.14
-
cpe:2.3:a:puppet:puppet:2.7.16
-
cpe:2.3:a:puppet:puppet:2.7.17
-
cpe:2.3:a:puppet:puppet:2.7.18
-
cpe:2.3:a:puppet:puppet:2.7.2
-
cpe:2.3:a:puppet:puppet:2.7.3
-
cpe:2.3:a:puppet:puppet:2.7.4
-
cpe:2.3:a:puppet:puppet:2.7.5
-
cpe:2.3:a:puppet:puppet:2.7.6
-
cpe:2.3:a:puppet:puppet:2.7.7
-
cpe:2.3:a:puppet:puppet:2.7.8
-
cpe:2.3:a:puppet:puppet:2.7.9
-
cpe:2.3:a:puppet:puppet_enterprise:3.1.0
-
cpe:2.3:a:puppetlabs:puppet:2.7.0
-
cpe:2.3:a:puppetlabs:puppet:2.7.1
-
cpe:2.3:a:puppetlabs:puppet:2.7.19
-
cpe:2.3:a:puppetlabs:puppet:2.7.20
-
cpe:2.3:a:ruby-lang:ruby:1.9
-
cpe:2.3:a:ruby-lang:ruby:1.9.1
-
cpe:2.3:a:ruby-lang:ruby:1.9.2
-
cpe:2.3:a:ruby-lang:ruby:1.9.3
-
cpe:2.3:a:ruby-lang:ruby:2.0
-
cpe:2.3:a:ruby-lang:ruby:2.0.0