CVE-2013-2275
Summary
| CVE | CVE-2013-2275 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-03-20 16:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors. |
Risk And Classification
Primary CVSS: v2.0 4 from [email protected]
AV:N/AC:L/Au:S/C:N/I:P/A:N
Problem Types: NVD-CWE-noinfo | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:L/Au:S/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 11.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Application | Puppet | Puppet | 2.6.0 | All | All | All |
| Application | Puppet | Puppet | 2.6.1 | All | All | All |
| Application | Puppet | Puppet | 2.6.10 | All | All | All |
| Application | Puppet | Puppet | 2.6.11 | All | All | All |
| Application | Puppet | Puppet | 2.6.12 | All | All | All |
| Application | Puppet | Puppet | 2.6.13 | All | All | All |
| Application | Puppet | Puppet | 2.6.14 | All | All | All |
| Application | Puppet | Puppet | 2.6.15 | All | All | All |
| Application | Puppet | Puppet | 2.6.16 | All | All | All |
| Application | Puppet | Puppet | 2.6.2 | All | All | All |
| Application | Puppet | Puppet | 2.6.3 | All | All | All |
| Application | Puppet | Puppet | 2.6.4 | All | All | All |
| Application | Puppet | Puppet | 2.6.5 | All | All | All |
| Application | Puppet | Puppet | 2.6.6 | All | All | All |
| Application | Puppet | Puppet | 2.6.7 | All | All | All |
| Application | Puppet | Puppet | 2.6.8 | All | All | All |
| Application | Puppet | Puppet | 2.6.9 | All | All | All |
| Application | Puppet | Puppet | 2.7.10 | All | All | All |
| Application | Puppet | Puppet | 2.7.11 | All | All | All |
| Application | Puppet | Puppet | 2.7.12 | All | All | All |
| Application | Puppet | Puppet | 2.7.13 | All | All | All |
| Application | Puppet | Puppet | 2.7.14 | All | All | All |
| Application | Puppet | Puppet | 2.7.16 | All | All | All |
| Application | Puppet | Puppet | 2.7.17 | All | All | All |
| Application | Puppet | Puppet | 2.7.18 | All | All | All |
| Application | Puppet | Puppet | 2.7.2 | All | All | All |
| Application | Puppet | Puppet | 2.7.3 | All | All | All |
| Application | Puppet | Puppet | 2.7.4 | All | All | All |
| Application | Puppet | Puppet | 2.7.5 | All | All | All |
| Application | Puppet | Puppet | 2.7.6 | All | All | All |
| Application | Puppet | Puppet | 2.7.7 | All | All | All |
| Application | Puppet | Puppet | 2.7.8 | All | All | All |
| Application | Puppet | Puppet | 2.7.9 | All | All | All |
| Application | Puppet | Puppet Enterprise | 2.7.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 2.7.1 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.1.0 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.0 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.1 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.19 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.20 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.20 | rc1 | All | All |
| Application | Puppetlabs | Puppet | All | All | All | All |
| Application | Puppetlabs | Puppet | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-1759-1: Puppet vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | ubuntu.com | Third Party Advisory |
| Puppet 'auth.conf' CVE-2013-2275 Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Security Advisory SA52596 - Puppet Multiple Vulnerabilities - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| openSUSE-SU-2013:0641-1: moderate: puppet: security fixes | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| [security-announce] SUSE-SU-2013:0618-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| CVE-2013-2275 | Puppet Labs | af854a3a-2127-422b-91ae-364da2661108 | puppetlabs.com | Vendor Advisory |
| Debian -- Security Information -- DSA-2643-1 puppet | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.