CVE-2013-1652

medium

Description

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.

References

Advisories
More

http://www.securityfocus.com/bid/58443

http://www.debian.org/security/2013/dsa-2643

http://ubuntu.com/usn/usn-1759-1

http://secunia.com/advisories/52596

http://rhn.redhat.com/errata/RHSA-2013-0710.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html

https://puppetlabs.com/security/cve/cve-2013-1652/

Details

Source: Mitre, NVD

Published: 2013-03-20

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00307