Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqNDMtOWgzdy12OTc2
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
Permalink: https://github.com/advisories/GHSA-cj43-9h3w-v976JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqNDMtOWgzdy12OTc2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 7 years ago
Updated: about 1 year ago
EPSS Percentage: 0.01121
EPSS Percentile: 0.84363
Identifiers: GHSA-cj43-9h3w-v976, CVE-2013-4761
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-4761
- http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
- http://puppetlabs.com/security/cve/cve-2013-4761/
- http://rhn.redhat.com/errata/RHSA-2013-1283.html
- http://rhn.redhat.com/errata/RHSA-2013-1284.html
- http://www.debian.org/security/2013/dsa-2761
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml
- https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability
- https://github.com/advisories/GHSA-cj43-9h3w-v976
Affected Packages
rubygems:puppet
Dependent packages: 112Dependent repositories: 12,289
Downloads: 27,006,591 total
Affected Version Ranges: >= 3.2.0, < 3.2.4, >= 2.7.0, < 2.7.23
Fixed in: 3.2.4, 2.7.23
All affected versions: 2.7.1, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.8, 2.7.9, 2.7.11, 2.7.12, 2.7.13, 2.7.14, 2.7.16, 2.7.17, 2.7.18, 2.7.19, 2.7.20, 2.7.21, 2.7.22, 3.2.1, 3.2.2, 3.2.3
All unaffected versions: 0.9.2, 0.13.0, 0.13.1, 0.13.2, 0.13.6, 0.16.0, 0.18.4, 0.22.4, 0.23.0, 0.23.1, 0.23.2, 0.24.0, 0.24.1, 0.24.2, 0.24.3, 0.24.4, 0.24.5, 0.24.6, 0.24.7, 0.24.8, 0.24.9, 0.25.0, 0.25.1, 0.25.2, 0.25.3, 0.25.4, 0.25.5, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.7.23, 2.7.24, 2.7.25, 2.7.26, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.2.4, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.1, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.8.0, 4.8.1, 4.8.2, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.10.0, 4.10.1, 4.10.4, 4.10.5, 4.10.6, 4.10.7, 4.10.8, 4.10.9, 4.10.10, 4.10.11, 4.10.12, 5.0.0, 5.0.1, 5.1.0, 5.2.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.4.0, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.6, 5.5.7, 5.5.8, 5.5.10, 5.5.12, 5.5.13, 5.5.14, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.5.0, 6.6.0, 6.7.0, 6.7.2, 6.8.0, 6.8.1, 6.9.0, 6.10.0, 6.10.1, 6.11.0, 6.11.1, 6.12.0, 6.13.0, 6.14.0, 6.15.0, 6.16.0, 6.17.0, 6.18.0, 6.19.0, 6.19.1, 6.20.0, 6.21.0, 6.21.1, 6.22.1, 6.23.0, 6.24.0, 6.25.0, 6.25.1, 6.26.0, 6.27.0, 6.28.0, 6.29.0, 7.0.0, 7.1.0, 7.3.0, 7.4.0, 7.4.1, 7.5.0, 7.6.1, 7.7.0, 7.8.0, 7.9.0, 7.10.0, 7.11.0, 7.12.0, 7.12.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 7.25.0, 7.26.0, 7.27.0, 7.28.0, 7.29.0, 7.29.1, 7.30.0, 7.31.0, 7.32.1, 7.33.0, 7.34.0, 8.0.0, 8.0.1, 8.1.0, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.5.0, 8.5.1, 8.6.0, 8.7.0, 8.8.1, 8.9.0, 8.10.0