Unrated severityNVD Advisory· Published Mar 20, 2013· Updated Jun 16, 2026
CVE-2013-2274
CVE-2013-2274
Description
Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
- (no CPE)range: >=2.6.0, <2.6.18
cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
- (no CPE)range: >=1.2.0, <1.2.7
Patches
Vulnerability mechanics
References
7- secunia.com/advisories/52596nvdVendor Advisory
- puppetlabs.com/security/cve/cve-2013-2274/nvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.htmlnvd
- lists.opensuse.org/opensuse-updates/2013-04/msg00056.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0710.htmlnvd
- www.debian.org/security/2013/dsa-2643nvd
- www.securityfocus.com/bid/58447nvd
News mentions
0No linked articles in our index yet.