Search Results | AttackerKB

Show filters

Topics 8 Users 9,706

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

8 Total Results

Displaying 1-8 of 8

Attacker Value

Unknown

CVE-2013-4971

Disclosure Date: March 09, 2014 (last updated October 05, 2023)

Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors.

0

Attacker Value

Unknown

CVE-2013-4966

Disclosure Date: March 09, 2014 (last updated October 05, 2023)

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.

0

Attacker Value

Unknown

CVE-2013-1653

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.

0

Attacker Value

Unknown

CVE-2013-1655

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."

0

Attacker Value

Unknown

CVE-2013-1640

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.

0

Attacker Value

Unknown

CVE-2013-2275

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

0

Attacker Value

Unknown

CVE-2013-1654

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.

0

Attacker Value

Unknown

CVE-2013-1652

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.

0