CVE-2013-3567
EUVD-2017-022419.08.2013, 23:55
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| puppet | puppet | 2.7.2 |
| puppet | puppet | 2.7.10 |
| puppet | puppet | 2.7.11 |
| puppet | puppet | 2.7.12 |
| puppet | puppet | 2.7.13 |
| puppet | puppet | 2.7.14 |
| puppet | puppet | 2.7.16 |
| puppet | puppet | 2.7.17 |
| puppet | puppet | 2.7.18 |
| puppet | puppet | 2.7.21 |
| puppet | puppet | 3.2.1 |
| puppetlabs | puppet | 2.7.0 |
| puppetlabs | puppet | 2.7.1 |
| puppetlabs | puppet | 2.7.19 |
| puppetlabs | puppet | 2.7.20 |
| puppetlabs | puppet | 2.7.20:rc1 |
| puppetlabs | puppet | 3.2.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 12.10 |
| canonical | ubuntu_linux | 13.04 |
| novell | suse_linux_enterprise_desktop | 11.0:sp2 |
| novell | suse_linux_enterprise_server | 11.0:sp2 |
| novell | suse_linux_enterprise_server | 11.0:sp3 |
| novell | suse_linux_enterprise_server | 11.0:sp3 |
| puppet | puppet_enterprise | 𝑥 ≤ 2.8.1 |
| puppet | puppet_enterprise | 1.0 |
| puppet | puppet_enterprise | 1.1 |
| puppet | puppet_enterprise | 1.2.0 |
| puppet | puppet_enterprise | 2.0.0 |
| puppet | puppet_enterprise | 2.5.1 |
| puppet | puppet_enterprise | 2.5.2 |
| puppet | puppet_enterprise | 2.8.0 |
| puppetlabs | puppet | 1.0.0 |
| puppetlabs | puppet | 1.1.0 |
| puppetlabs | puppet | 1.2.0 |
| puppetlabs | puppet | 2.5.0 |
| puppetlabs | puppet | 2.6.0 |
| puppetlabs | puppet | 2.7.0 |
| puppetlabs | puppet | 2.7.1 |
| puppetlabs | puppet | 2.7.2 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References