VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Mar 20, 2013· Updated Apr 29, 2026

CVE-2013-1654

CVE-2013-1654

Description

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.

Affected products

27
  • Puppetlabs/Puppet7 versions
    cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
  • Puppet (software)/Puppet16 versions
    cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
  • Puppet (software)/Puppet Enterprise
    cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
  • Canonical (company)/Ubuntu Linux3 versions
    cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.