Unrated severityNVD Advisory· Published Mar 14, 2014· Updated May 6, 2026

CVE-2013-1399

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Affected products

Puppet (software)/Puppet Enterprise4 versions
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <=2.7.0
- cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
Puppetlabs/Puppet2 versions
cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.6.0:-:enterprise:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

puppetlabs.com/security/cve/cve-2013-1399nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000