Unrated severityNVD Advisory· Published Mar 20, 2013· Updated Apr 29, 2026
CVE-2013-1652
CVE-2013-1652
Description
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.
Affected products
29cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*range: <=2.6.17
- cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*range: <=1.2.6
cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-04/msg00056.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-0710.htmlnvdThird Party Advisory
- secunia.com/advisories/52596nvdThird Party AdvisoryVendor Advisory
- ubuntu.com/usn/usn-1759-1nvdThird Party Advisory
- www.debian.org/security/2013/dsa-2643nvdThird Party Advisory
- www.securityfocus.com/bid/58443nvdThird Party AdvisoryVDB Entry
- puppetlabs.com/security/cve/cve-2013-1652/nvdVendor Advisory
News mentions
0No linked articles in our index yet.