CVE-2013-1640

{"id": "CVE-2013-1640", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-20T16:55:01.723", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/52596", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://ubuntu.com/usn/usn-1759-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2013/dsa-2643", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://puppetlabs.com/security/cve/cve-2013-1640/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request."}, {"lang": "es", "value": "La funciones (1) template y (2) inline_template en el servidor maestro en Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21, y v3.1.x anterior a v3.1.1, permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud de cat\u00e1logo especialmente dise\u00f1ado."}], "lastModified": "2022-01-24T16:46:04.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD53B762-9C74-4167-8FD3-6588B3B47B83", "versionEndExcluding": "2.6.18"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F50C0A2-ADA1-4E40-BDEF-7A1572D08F95", "versionEndExcluding": "2.7.21", "versionStartIncluding": "2.7.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD614CEE-B26B-489E-8AEC-17B48804B3AF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FC20F75-6A06-42C4-947D-827C7BD1F15A", "versionEndExcluding": "1.2.7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3227E6D-27C8-4D6C-A9B7-713558FD9947"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3153F6B2-9CB2-4A1D-834B-33820EC8F0A0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"}], "operator": "OR"}]}], "evaluatorImpact": "Per http://www.ubuntu.com/usn/usn-1759-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\"", "sourceIdentifier": "cve@mitre.org"}