VDB
CVE-2013-1653
CVE-2013-1653
PUBLISHED
CVSS 7.099999904632568 HIGH
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
EPSS 1.97% · 83.9th percentile
Risk Scores
CVSS 2.0
7.099999904632568
EPSS Score
1.97%
83.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| puppet | puppet_enterprise | 3.1.0, 2.7.1, 2.7.0 |
| puppet | puppet | 2.7.3, 2.6.0, 2.7.4 |
| puppetlabs | puppet | 2.7.1, 1.0, 1.2.2 |
| canonical | ubuntu_linux | 12.04, 12.10, 11.10 |
| n/a | n/a | n/a |
Exploit Intelligence
- SUSE-SU-2013:0618 (circl)
- 58446 (circl)
- DSA-2643 (circl)
- https://puppetlabs.com/security/cve/cve-2013-1653/ (circl)
- 52596 (circl)
- USN-1759-1 (circl)
- openSUSE-SU-2013:0641 (circl)
Timeline
- Mar 20, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- SUSE-SU-2013:0618 vendor-advisory
- 58446 vdb
- DSA-2643 vendor-advisory
- https://puppetlabs.com/security/cve/cve-2013-1653/ url
- 52596 third-party-advisory
- USN-1759-1 vendor-advisory
- openSUSE-SU-2013:0641 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2013-1653 advisory
- https://puppetlabs.com/security/cve/cve-2013-1653 url