Unrated severityNVD Advisory· Published Mar 14, 2014· Updated Jun 16, 2026
CVE-2013-1398
CVE-2013-1398
Description
The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.
Affected products
7cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.6.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <=2.7.0
- cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
- (no CPE)range: <2.7.1
Patches
Vulnerability mechanics
References
1- puppetlabs.com/security/cve/cve-2013-1398nvdVendor Advisory
News mentions
0No linked articles in our index yet.