Unrated severityNVD Advisory· Published Mar 9, 2014· Updated Jun 16, 2026
CVE-2013-4966
CVE-2013-4966
Description
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.
Affected products
5cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <=3.1.1
- cpe:2.3:a:puppet:puppet_enterprise:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
- (no CPE)range: < 3.2.0
Patches
Vulnerability mechanics
References
2- puppetlabs.com/security/cve/cve-2013-4966nvdVendor Advisory
- www.securitytracker.com/id/1029873nvd
News mentions
0No linked articles in our index yet.