Main Vulnerability Database Vulnerabilities #VU41957

#VU41957 Improper Authentication in Puppet Enterprise - CVE-2013-4966

Published: March 9, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41957

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-4966

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Puppet Enterprise

Software vendor:
Puppet Labs

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.

Remediation

Install update from vendor's website.

External links

http://puppetlabs.com/security/cve/cve-2013-4966
http://www.securitytracker.com/id/1029873

#VU41957 Improper Authentication in Puppet Enterprise - CVE-2013-4966

Description

Remediation

External links

Please verify you're human