CVE-2013-4969 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.1 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:N/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
puppetlabs	puppet	3.0.0 ≤ 𝑥 ≤ 3.3.2
puppetlabs	puppet	3.4.0 ≤ 𝑥 < 3.4.1
puppet	puppet_enterprise	2.0.0 ≤ 𝑥 < 2.8.4
puppet	puppet_enterprise	3.1 ≤ 𝑥 < 3.1.1
debian	debian_linux	6.0
debian	debian_linux	7.0
debian	debian_linux	8.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	12.10
canonical	ubuntu_linux	13.04
canonical	ubuntu_linux	13.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

puppet

bullseye

5.5.22-2

fixed

Ubuntu Releases

Ubuntu Product

Codename

puppet

saucy	Fixed 3.2.4-2ubuntu2.2 released
raring	Fixed 2.7.18-4ubuntu1.3 released
quantal	Fixed 2.7.18-1ubuntu1.4 released
precise	Fixed 2.7.11-1ubuntu2.6 released
lucid	ignored

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://puppetlabs.com/security/cve/cve-2013-4969

http://secunia.com/advisories/56253

http://secunia.com/advisories/56254

http://www.debian.org/security/2013/dsa-2831

http://www.ubuntu.com/usn/USN-2077-1

http://puppetlabs.com/security/cve/cve-2013-4969

http://secunia.com/advisories/56253

http://secunia.com/advisories/56254

http://www.debian.org/security/2013/dsa-2831

http://www.ubuntu.com/usn/USN-2077-1