VYPR
Unrated severityNVD Advisory· Published Mar 9, 2014· Updated Jun 16, 2026

CVE-2013-4966

CVE-2013-4966

Description

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.

Affected products

5
  • cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <=3.1.1
    • cpe:2.3:a:puppet:puppet_enterprise:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
    • (no CPE)range: < 3.2.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.