VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 20, 2013· Updated Apr 29, 2026

CVE-2013-4956

CVE-2013-4956

Description

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

Affected products

28
  • Puppet (software)/Puppet21 versions
    cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.21:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:2.7.22:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet:3.2.3:*:*:*:*:*:*:*
  • Puppet (software)/Puppet Enterprise4 versions
    cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:3.0.0:*:*:*:*:*:*:*
  • Puppetlabs/Puppet3 versions
    cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppetlabs:puppet:3.2.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.