Detections
Analytics
Puppet Enterprise 3.x < 3.2.0 Multiple Vulnerabilities
medium Nessus Plugin ID 73135
Language:
Synopsis
A web application on the remote host is affected by multiple vulnerabilities.Description
According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.2.0. As a result, it is reportedly affected by multiple vulnerabilities :- An error exists related to the PE consoles and identity verification that could allow security bypasses. (CVE-2013-4966)
- An unspecified error exists related to endpoint nodes that could allow information disclosure. (CVE-2013-4971)
- SET ROLE bypasses lack of ADMIN OPTION when granting roles. (CVE-2014-0060)
- An error exists in the included Ruby on Rails version related to the text rendering component of Action View and handling MIME types that are converted to symbols that could allow denial of service attacks.
(CVE-2014-0082)
Solution
Upgrade to Puppet Enterprise 3.2.1 or later.Note that the issues were reportedly addressed in 3.2.0, but that release was pulled because it contained two major issues.
See Also
http://www.nessus.org/u?864eaaed
https://puppet.com/security/cve/cve-2013-4966
https://puppet.com/security/cve/cve-2013-4971
Plugin Details
Severity: Medium
ID: 73135
File Name: puppet_enterprise_321.nasl
Version: 1.10
Type: remote
Family: CGI abuses
Published: 3/21/2014
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2013-4966
Vulnerability Information
CPE: cpe:/a:puppetlabs:puppet
Required KB Items: puppet/rest_port
Exploit Ease: No exploit is required
Patch Publication Date: 3/4/2014
Vulnerability Publication Date: 2/17/2014
Reference Information
CVE: CVE-2013-4966, CVE-2013-4971, CVE-2014-0060, CVE-2014-0082