CVE-2013-4966 — Vulnetix

CVE-2013-4966 PUBLISHED CVSS 6.400000095367432 MEDIUM

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.

EPSS 0.22% · 45.0th percentile

Risk Scores

CVSS v2.0

6.400000095367432

EPSS Score

0.22%

45.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
puppet	puppet_enterprise	0, 3.0.0, 3.1.0

Timeline

Mar 6, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 17, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 1, 2023 EPSS Score
May 24, 2023 EPSS Score

References

1029873 vdb
http://puppetlabs.com/security/cve/cve-2013-4966 url
https://nvd.nist.gov/vuln/detail/CVE-2013-4966 advisory
http://puppetlabs.com/security/cve/cve-2013-4971 advisory
http://puppetlabs.com/security/cve/cve-2014-0082 advisory
http://puppetlabs.com/security/cve/cve-2014-0060 advisory

Open in Interactive Console →