CVE-2013-2275
Summary
| CVE | CVE-2013-2275 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-03-20 16:55:00 UTC |
| Updated | 2019-07-10 18:02:00 UTC |
| Description | The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 11.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 11.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Application | Puppet | Puppet | 2.6.0 | All | All | All |
| Application | Puppet | Puppet | 2.6.1 | All | All | All |
| Application | Puppet | Puppet | 2.6.10 | All | All | All |
| Application | Puppet | Puppet | 2.6.11 | All | All | All |
| Application | Puppet | Puppet | 2.6.12 | All | All | All |
| Application | Puppet | Puppet | 2.6.13 | All | All | All |
| Application | Puppet | Puppet | 2.6.14 | All | All | All |
| Application | Puppet | Puppet | 2.6.15 | All | All | All |
| Application | Puppet | Puppet | 2.6.16 | All | All | All |
| Application | Puppet | Puppet | 2.6.2 | All | All | All |
| Application | Puppet | Puppet | 2.6.3 | All | All | All |
| Application | Puppet | Puppet | 2.6.4 | All | All | All |
| Application | Puppet | Puppet | 2.6.5 | All | All | All |
| Application | Puppet | Puppet | 2.6.6 | All | All | All |
| Application | Puppet | Puppet | 2.6.7 | All | All | All |
| Application | Puppet | Puppet | 2.6.8 | All | All | All |
| Application | Puppet | Puppet | 2.6.9 | All | All | All |
| Application | Puppet | Puppet | 2.7.10 | All | All | All |
| Application | Puppet | Puppet | 2.7.11 | All | All | All |
| Application | Puppet | Puppet | 2.7.12 | All | All | All |
| Application | Puppet | Puppet | 2.7.13 | All | All | All |
| Application | Puppet | Puppet | 2.7.14 | All | All | All |
| Application | Puppet | Puppet | 2.7.16 | All | All | All |
| Application | Puppet | Puppet | 2.7.17 | All | All | All |
| Application | Puppet | Puppet | 2.7.18 | All | All | All |
| Application | Puppet | Puppet | 2.7.2 | All | All | All |
| Application | Puppet | Puppet | 2.7.3 | All | All | All |
| Application | Puppet | Puppet | 2.7.4 | All | All | All |
| Application | Puppet | Puppet | 2.7.5 | All | All | All |
| Application | Puppet | Puppet | 2.7.6 | All | All | All |
| Application | Puppet | Puppet | 2.7.7 | All | All | All |
| Application | Puppet | Puppet | 2.7.8 | All | All | All |
| Application | Puppet | Puppet | 2.7.9 | All | All | All |
| Application | Puppet | Puppet | 2.6.0 | All | All | All |
| Application | Puppet | Puppet | 2.6.1 | All | All | All |
| Application | Puppet | Puppet | 2.6.10 | All | All | All |
| Application | Puppet | Puppet | 2.6.11 | All | All | All |
| Application | Puppet | Puppet | 2.6.12 | All | All | All |
| Application | Puppet | Puppet | 2.6.13 | All | All | All |
| Application | Puppet | Puppet | 2.6.14 | All | All | All |
| Application | Puppet | Puppet | 2.6.15 | All | All | All |
| Application | Puppet | Puppet | 2.6.16 | All | All | All |
| Application | Puppet | Puppet | 2.6.2 | All | All | All |
| Application | Puppet | Puppet | 2.6.3 | All | All | All |
| Application | Puppet | Puppet | 2.6.4 | All | All | All |
| Application | Puppet | Puppet | 2.6.5 | All | All | All |
| Application | Puppet | Puppet | 2.6.6 | All | All | All |
| Application | Puppet | Puppet | 2.6.7 | All | All | All |
| Application | Puppet | Puppet | 2.6.8 | All | All | All |
| Application | Puppet | Puppet | 2.6.9 | All | All | All |
| Application | Puppet | Puppet | 2.7.10 | All | All | All |
| Application | Puppet | Puppet | 2.7.11 | All | All | All |
| Application | Puppet | Puppet | 2.7.12 | All | All | All |
| Application | Puppet | Puppet | 2.7.13 | All | All | All |
| Application | Puppet | Puppet | 2.7.14 | All | All | All |
| Application | Puppet | Puppet | 2.7.16 | All | All | All |
| Application | Puppet | Puppet | 2.7.17 | All | All | All |
| Application | Puppet | Puppet | 2.7.18 | All | All | All |
| Application | Puppet | Puppet | 2.7.2 | All | All | All |
| Application | Puppet | Puppet | 2.7.3 | All | All | All |
| Application | Puppet | Puppet | 2.7.4 | All | All | All |
| Application | Puppet | Puppet | 2.7.5 | All | All | All |
| Application | Puppet | Puppet | 2.7.6 | All | All | All |
| Application | Puppet | Puppet | 2.7.7 | All | All | All |
| Application | Puppet | Puppet | 2.7.8 | All | All | All |
| Application | Puppet | Puppet | 2.7.9 | All | All | All |
| Application | Puppet | Puppet Enterprise | 2.7.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 2.7.1 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.1.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 2.7.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 2.7.1 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.1.0 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.0 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.1 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.19 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.20 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.20 | rc1 | All | All |
| Application | Puppetlabs | Puppet | 2.7.0 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.1 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.19 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.20 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.20 | rc1 | All | All |
| Application | Puppetlabs | Puppet | All | All | All | All |
| Application | Puppetlabs | Puppet | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-2643-1 puppet | DEBIAN | www.debian.org | Third Party Advisory |
| [security-announce] SUSE-SU-2013:0618-1: important: Security update for | SUSE | lists.opensuse.org | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| CVE-2013-2275 | Puppet Labs | CONFIRM | puppetlabs.com | Vendor Advisory |
| USN-1759-1: Puppet vulnerabilities | Ubuntu | UBUNTU | ubuntu.com | Third Party Advisory |
| Security Advisory SA52596 - Puppet Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | Third Party Advisory |
| Puppet 'auth.conf' CVE-2013-2275 Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| openSUSE-SU-2013:0641-1: moderate: puppet: security fixes | SUSE | lists.opensuse.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.