CVE-2013-4761 – puppet
Package
Manager: gem
Name: puppet
Vulnerable Version: >=2.7.0 <2.7.23 || >=3.2.0 <3.2.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.0062 (percentile: 0.69107)
Details
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
Metadata
Created: 2017-10-24T18:33:37Z
Modified: 2022-10-04T21:44:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-cj43-9h3w-v976/GHSA-cj43-9h3w-v976.json
CWE IDs: []
Alternative ID: GHSA-cj43-9h3w-v976
Finding: F422
Auto approve: 1