Description
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
References (5)
Core References (5)
Third Party Advisory, vendor-advisory, x_refsource_debian: http://www.debian.org/security/2013/dsa-2761
Mailing List, vendor-advisory, x_refsource_suse: http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
Vendor Advisory, x_refsource_confirm: http://puppetlabs.com/security/cve/cve-2013-4761/
Vendor Advisory, vendor-advisory, x_refsource_redhat: http://rhn.redhat.com/errata/RHSA-2013-1284.html
Vendor Advisory, vendor-advisory, x_refsource_redhat: http://rhn.redhat.com/errata/RHSA-2013-1283.html
Scores
EPSS: 0.0062
EPSS Percentile: 70.3%
Details
Status: published
Products (12)
puppet/puppet 3.2.1
puppet/puppet 3.2.2
puppet/puppet 3.2.3
puppet/puppet 2.7.2
puppet/puppet_enterprise 2.8.0
puppet/puppet_enterprise 2.8.1
puppet/puppet_enterprise 2.8.2
puppet/puppet_enterprise 3.0.0
puppetlabs/puppet 3.2.0
puppetlabs/puppet 2.7.0
... and 2 more
Published: Aug 20, 2013
Tracked Since: Feb 18, 2026