What is the severity of CVE-2013-1653?

CVE-2013-1653 has a medium severity level, as it allows remote authenticated users to execute arbitrary code.

How do I fix CVE-2013-1653?

To fix CVE-2013-1653, upgrade Puppet to the latest version that addresses this vulnerability.

Which versions of Puppet are affected by CVE-2013-1653?

CVE-2013-1653 affects Puppet versions before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1.

Is Puppet Enterprise affected by CVE-2013-1653?

Yes, Puppet Enterprise versions before 1.2.7 and 2.7.x before 2.7.2 are affected by CVE-2013-1653.

What are the potential impacts of CVE-2013-1653?

The impact of CVE-2013-1653 includes the possibility for remote authenticated users to execute arbitrary code, compromising system integrity.

Vulnerability/
CVE-2013-1653

high

7.1

20/3/2013

6/8/2024

CVE-2013-1653

First published: Wed Mar 20 2013(Updated: )

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Puppet by Puppet Labs	>=2.6.0<=2.6.17
Puppet by Puppet Labs	=2.7.2
Puppet by Puppet Labs	=2.7.3
Puppet by Puppet Labs	=2.7.4
Puppet by Puppet Labs	=2.7.5
Puppet by Puppet Labs	=2.7.6
Puppet by Puppet Labs	=2.7.7
Puppet by Puppet Labs	=2.7.8
Puppet by Puppet Labs	=2.7.9
Puppet by Puppet Labs	=2.7.10
Puppet by Puppet Labs	=2.7.11
Puppet by Puppet Labs	=2.7.12
Puppet by Puppet Labs	=2.7.13
Puppet by Puppet Labs	=2.7.14
Puppet by Puppet Labs	=2.7.16
Puppet by Puppet Labs	=2.7.17
Puppet by Puppet Labs	=2.7.18
Puppet by Puppet Labs	=2.7.0
Puppet by Puppet Labs	=2.7.1
Puppet by Puppet Labs	=2.7.19
Puppet by Puppet Labs	=2.7.20
Puppet by Puppet Labs	=2.7.20-rc1
Puppetlabs Puppet Enterprise	=3.1.0
Puppet by Puppet Labs	=1.0
Puppet by Puppet Labs	=1.1
Puppet by Puppet Labs	=1.2.0
Puppet by Puppet Labs	=1.2.1
Puppet by Puppet Labs	=1.2.2
Puppet by Puppet Labs	=1.2.3
Puppet by Puppet Labs	=1.2.4
Puppet by Puppet Labs	=1.2.5
Puppet by Puppet Labs	=1.2.6
Puppetlabs Puppet Enterprise	=2.7.0
Puppetlabs Puppet Enterprise	=2.7.1
Ubuntu Linux	=11.10
Ubuntu Linux	=12.04
Ubuntu Linux	=12.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1653?
CVE-2013-1653 has a medium severity level, as it allows remote authenticated users to execute arbitrary code.
How do I fix CVE-2013-1653?
To fix CVE-2013-1653, upgrade Puppet to the latest version that addresses this vulnerability.
Which versions of Puppet are affected by CVE-2013-1653?
CVE-2013-1653 affects Puppet versions before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1.
Is Puppet Enterprise affected by CVE-2013-1653?
Yes, Puppet Enterprise versions before 1.2.7 and 2.7.x before 2.7.2 are affected by CVE-2013-1653.
What are the potential impacts of CVE-2013-1653?
The impact of CVE-2013-1653 includes the possibility for remote authenticated users to execute arbitrary code, compromising system integrity.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/references
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/puppet
canonical/puppet by puppet labs
version/puppet by puppet labs/2.6.0
version/puppet by puppet labs/2.6.17
version/puppet by puppet labs/2.7.2
version/puppet by puppet labs/2.7.3
version/puppet by puppet labs/2.7.4
version/puppet by puppet labs/2.7.5
version/puppet by puppet labs/2.7.6
version/puppet by puppet labs/2.7.7
version/puppet by puppet labs/2.7.8
version/puppet by puppet labs/2.7.9
version/puppet by puppet labs/2.7.10
version/puppet by puppet labs/2.7.11
version/puppet by puppet labs/2.7.12
version/puppet by puppet labs/2.7.13
version/puppet by puppet labs/2.7.14
version/puppet by puppet labs/2.7.16
version/puppet by puppet labs/2.7.17
version/puppet by puppet labs/2.7.18
vendor/puppetlabs
version/puppet by puppet labs/2.7.0
version/puppet by puppet labs/2.7.1
version/puppet by puppet labs/2.7.19
version/puppet by puppet labs/2.7.20
version/puppet by puppet labs/2.7.20-rc1
canonical/puppetlabs puppet enterprise
version/puppetlabs puppet enterprise/3.1.0
version/puppet by puppet labs/1.0
version/puppet by puppet labs/1.1
version/puppet by puppet labs/1.2.0
version/puppet by puppet labs/1.2.1
version/puppet by puppet labs/1.2.2
version/puppet by puppet labs/1.2.3
version/puppet by puppet labs/1.2.4
version/puppet by puppet labs/1.2.5
version/puppet by puppet labs/1.2.6
version/puppetlabs puppet enterprise/2.7.0
version/puppetlabs puppet enterprise/2.7.1
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/11.10
version/ubuntu linux/12.04
version/ubuntu linux/12.10

Frequently Asked Questions

What is the severity of CVE-2013-1653?
CVE-2013-1653 has a medium severity level, as it allows remote authenticated users to execute arbitrary code.
How do I fix CVE-2013-1653?
To fix CVE-2013-1653, upgrade Puppet to the latest version that addresses this vulnerability.
Which versions of Puppet are affected by CVE-2013-1653?
CVE-2013-1653 affects Puppet versions before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1.
Is Puppet Enterprise affected by CVE-2013-1653?
Yes, Puppet Enterprise versions before 1.2.7 and 2.7.x before 2.7.2 are affected by CVE-2013-1653.
What are the potential impacts of CVE-2013-1653?
The impact of CVE-2013-1653 includes the possibility for remote authenticated users to execute arbitrary code, compromising system integrity.

CVE-2013-1653

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1653?

How do I fix CVE-2013-1653?

Which versions of Puppet are affected by CVE-2013-1653?

Is Puppet Enterprise affected by CVE-2013-1653?

What are the potential impacts of CVE-2013-1653?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-1653?

How do I fix CVE-2013-1653?

Which versions of Puppet are affected by CVE-2013-1653?

Is Puppet Enterprise affected by CVE-2013-1653?

What are the potential impacts of CVE-2013-1653?