Red Hat Customer Portal

CVE-2013-1652

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.

Details Source

Mitre

Public Date

2013-03-12 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-1652 Puppet: HTTP GET request catalog retrieval

Bugzilla ID

919784

CVSS Status

verified

Base Score

4.00

Base Metrics

AV:N/AC:L/Au:S/C:P/I:N/A:N

Acknowledgements

Red Hat would like to thank Puppet Labs for reporting this issue.

Red Hat Security Errata

Platform | Errata | Release Date
OpenStack Folsom (puppet) | RHSA-2013:0710 | 2013-04-04

Affected Packages State

Platform | Package | State
Red Hat Subscription Asset Manager 1 | puppet | Affected
Red Hat CloudForms Tools 1 | puppet | Will not fix