Puppet Enterprise < 3.0.1 Multiple Vulnerabilities

medium Nessus Plugin ID 70663

Synopsis

A web application on the remote host has multiple vulnerabilities.

Description

According to its self-reported version number, the Puppet Enterprise install on the remote host is a version prior to 3.0.1. As a result, it reportedly has multiple vulnerabilities:

- An error exists related to the included Ruby SSL client that could allow man-in-the-middle attacks.
(CVE-2013-4073)

- An error exists related to the 'resource_type' service that could allow a local attacker to cause arbitrary Ruby files to be executed. (CVE-2013-4761)

- Multiple session vulnerabilities exist that could allow an attacker to hijack an arbitrary session and gain unauthorized access. (CVE-2013-4762, CVE-2013-4964)

- An error exists related to 'Puppet Module Tool' (PMT) and improper permissions. (CVE-2013-4956)

- Multiple security bypass vulnerabilities exist that could allow an attacker to gain unauthorized access and perform sensitive transactions. (CVE-2013-4958, CVE-2013-4962)

- Multiple information disclosure vulnerabilities exist that could allow an attacker to access sensitive information such as server software versions, MAC addresses, SSH keys, and database passwords.
(CVE-2013-4959, CVE-2013-4961, CVE-2013-4967)

- An open-redirection vulnerability exists that could allow an attacker to attempt a phishing attack.
(CVE-2013-4955)

- Clickjacking and cross-site-scripting vulnerabilities exist that could allow an attacker to trick users into sending them sensitive information such as passwords.
(CVE-2013-4968)

- A cross-site request forgery vulnerability exists that could allow an attacker to manipulate a logged in user's browser to perform sensitive transactions on the user's behalf. (CVE-2013-4963)

Solution

Upgrade to Puppet Enterprise 3.0.1 or later.

See Also

https://puppet.com/security/cve/cve-2013-4073

https://puppet.com/security/cve/cve-2013-4761

https://puppet.com/security/cve/cve-2013-4762

https://puppet.com/security/cve/cve-2013-4955

https://puppet.com/security/cve/cve-2013-4956

https://puppet.com/security/cve/cve-2013-4958

https://puppet.com/security/cve/cve-2013-4959

https://puppet.com/security/cve/cve-2013-4961

https://puppet.com/security/cve/cve-2013-4962

https://puppet.com/security/cve/cve-2013-4963

https://puppet.com/security/cve/cve-2013-4964

https://puppet.com/security/cve/cve-2013-4967

https://puppet.com/security/cve/cve-2013-4968

Plugin Details

Severity: Medium

ID: 70663

File Name: puppet_enterprise_301.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 10/28/2013

Updated: 1/19/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port

Exploit Ease: No exploit is required

Patch Publication Date: 8/15/2013

Vulnerability Publication Date: 8/15/2013

Reference Information

CVE: CVE-2013-4073, CVE-2013-4761, CVE-2013-4762, CVE-2013-4955, CVE-2013-4956, CVE-2013-4958, CVE-2013-4959, CVE-2013-4961, CVE-2013-4962, CVE-2013-4963, CVE-2013-4964, CVE-2013-4967, CVE-2013-4968

BID: 60843, 61805, 61806, 61856, 61857, 61859, 61860, 61861, 61862, 61870, 61945, 61949, 66541

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990