What is the severity of CVE-2013-2275?

CVE-2013-2275 has a moderate severity rating due to its potential for unauthorized report submissions by authenticated nodes.

How do I fix CVE-2013-2275?

To fix CVE-2013-2275, upgrade Puppet to versions 2.6.18, 2.7.21, 3.1.1 or later, as well as ensuring Puppet Enterprise is updated to version 1.2.7 or higher.

Which versions of Puppet are affected by CVE-2013-2275?

CVE-2013-2275 affects Puppet versions from 0.25.0 up to 2.6.17, and various versions of 2.7.x and 3.1.x prior to the respective secure releases.

Can authenticated nodes exploit CVE-2013-2275?

Yes, authenticated nodes can exploit CVE-2013-2275 to submit reports for other nodes if the vulnerable versions are in use.

Is there a workaround for CVE-2013-2275 if I cannot update Puppet?

A possible workaround for CVE-2013-2275 would involve adjusting the Puppet master configurations to restrict report submission to only the intended nodes.

Vulnerability/
CVE-2013-2275

medium

20/3/2013

6/8/2024

CVE-2013-2275

First published: Wed Mar 20 2013(Updated: )

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Puppet by Puppet Labs	=2.6.0
Puppet by Puppet Labs	=2.6.1
Puppet by Puppet Labs	=2.6.2
Puppet by Puppet Labs	=2.6.3
Puppet by Puppet Labs	=2.6.4
Puppet by Puppet Labs	=2.6.5
Puppet by Puppet Labs	=2.6.6
Puppet by Puppet Labs	=2.6.7
Puppet by Puppet Labs	=2.6.8
Puppet by Puppet Labs	=2.6.9
Puppet by Puppet Labs	=2.6.10
Puppet by Puppet Labs	=2.6.11
Puppet by Puppet Labs	=2.6.12
Puppet by Puppet Labs	=2.6.13
Puppet by Puppet Labs	=2.6.14
Puppet by Puppet Labs	=2.6.15
Puppet by Puppet Labs	=2.6.16
Puppet by Puppet Labs	<=2.6.17
Puppet by Puppet Labs	=2.7.2
Puppet by Puppet Labs	=2.7.3
Puppet by Puppet Labs	=2.7.4
Puppet by Puppet Labs	=2.7.5
Puppet by Puppet Labs	=2.7.6
Puppet by Puppet Labs	=2.7.7
Puppet by Puppet Labs	=2.7.8
Puppet by Puppet Labs	=2.7.9
Puppet by Puppet Labs	=2.7.10
Puppet by Puppet Labs	=2.7.11
Puppet by Puppet Labs	=2.7.12
Puppet by Puppet Labs	=2.7.13
Puppet by Puppet Labs	=2.7.14
Puppet by Puppet Labs	=2.7.16
Puppet by Puppet Labs	=2.7.17
Puppet by Puppet Labs	=2.7.18
Puppet by Puppet Labs	=2.7.0
Puppet by Puppet Labs	=2.7.1
Puppet by Puppet Labs	=2.7.19
Puppet by Puppet Labs	=2.7.20
Puppet by Puppet Labs	=2.7.20-rc1
Puppetlabs Puppet Enterprise	=3.1.0
Puppet by Puppet Labs	<=1.2.6
Puppetlabs Puppet Enterprise	=2.7.0
Puppetlabs Puppet Enterprise	=2.7.1
Ubuntu Linux	=11.10
Ubuntu Linux	=12.04
Ubuntu Linux	=12.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2275?
CVE-2013-2275 has a moderate severity rating due to its potential for unauthorized report submissions by authenticated nodes.
How do I fix CVE-2013-2275?
To fix CVE-2013-2275, upgrade Puppet to versions 2.6.18, 2.7.21, 3.1.1 or later, as well as ensuring Puppet Enterprise is updated to version 1.2.7 or higher.
Which versions of Puppet are affected by CVE-2013-2275?
CVE-2013-2275 affects Puppet versions from 0.25.0 up to 2.6.17, and various versions of 2.7.x and 3.1.x prior to the respective secure releases.
Can authenticated nodes exploit CVE-2013-2275?
Yes, authenticated nodes can exploit CVE-2013-2275 to submit reports for other nodes if the vulnerable versions are in use.
Is there a workaround for CVE-2013-2275 if I cannot update Puppet?
A possible workaround for CVE-2013-2275 would involve adjusting the Puppet master configurations to restrict report submission to only the intended nodes.

agent/type
agent/references
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/puppet
canonical/puppet by puppet labs
version/puppet by puppet labs/2.6.0
version/puppet by puppet labs/2.6.1
version/puppet by puppet labs/2.6.2
version/puppet by puppet labs/2.6.3
version/puppet by puppet labs/2.6.4
version/puppet by puppet labs/2.6.5
version/puppet by puppet labs/2.6.6
version/puppet by puppet labs/2.6.7
version/puppet by puppet labs/2.6.8
version/puppet by puppet labs/2.6.9
version/puppet by puppet labs/2.6.10
version/puppet by puppet labs/2.6.11
version/puppet by puppet labs/2.6.12
version/puppet by puppet labs/2.6.13
version/puppet by puppet labs/2.6.14
version/puppet by puppet labs/2.6.15
version/puppet by puppet labs/2.6.16
vendor/puppetlabs
version/puppet by puppet labs/2.6.17
version/puppet by puppet labs/2.7.2
version/puppet by puppet labs/2.7.3
version/puppet by puppet labs/2.7.4
version/puppet by puppet labs/2.7.5
version/puppet by puppet labs/2.7.6
version/puppet by puppet labs/2.7.7
version/puppet by puppet labs/2.7.8
version/puppet by puppet labs/2.7.9
version/puppet by puppet labs/2.7.10
version/puppet by puppet labs/2.7.11
version/puppet by puppet labs/2.7.12
version/puppet by puppet labs/2.7.13
version/puppet by puppet labs/2.7.14
version/puppet by puppet labs/2.7.16
version/puppet by puppet labs/2.7.17
version/puppet by puppet labs/2.7.18
version/puppet by puppet labs/2.7.0
version/puppet by puppet labs/2.7.1
version/puppet by puppet labs/2.7.19
version/puppet by puppet labs/2.7.20
version/puppet by puppet labs/2.7.20-rc1
canonical/puppetlabs puppet enterprise
version/puppetlabs puppet enterprise/3.1.0
version/puppet by puppet labs/1.2.6
version/puppetlabs puppet enterprise/2.7.0
version/puppetlabs puppet enterprise/2.7.1
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/11.10
version/ubuntu linux/12.04
version/ubuntu linux/12.10

Frequently Asked Questions

What is the severity of CVE-2013-2275?
CVE-2013-2275 has a moderate severity rating due to its potential for unauthorized report submissions by authenticated nodes.
How do I fix CVE-2013-2275?
To fix CVE-2013-2275, upgrade Puppet to versions 2.6.18, 2.7.21, 3.1.1 or later, as well as ensuring Puppet Enterprise is updated to version 1.2.7 or higher.
Which versions of Puppet are affected by CVE-2013-2275?
CVE-2013-2275 affects Puppet versions from 0.25.0 up to 2.6.17, and various versions of 2.7.x and 3.1.x prior to the respective secure releases.
Can authenticated nodes exploit CVE-2013-2275?
Yes, authenticated nodes can exploit CVE-2013-2275 to submit reports for other nodes if the vulnerable versions are in use.
Is there a workaround for CVE-2013-2275 if I cannot update Puppet?
A possible workaround for CVE-2013-2275 would involve adjusting the Puppet master configurations to restrict report submission to only the intended nodes.

CVE-2013-2275

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2275?

How do I fix CVE-2013-2275?

Which versions of Puppet are affected by CVE-2013-2275?

Can authenticated nodes exploit CVE-2013-2275?

Is there a workaround for CVE-2013-2275 if I cannot update Puppet?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-2275?

How do I fix CVE-2013-2275?

Which versions of Puppet are affected by CVE-2013-2275?

Can authenticated nodes exploit CVE-2013-2275?

Is there a workaround for CVE-2013-2275 if I cannot update Puppet?