CVE-2013-3567
Description
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.459
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2013-3567 is fixed in Ruby-puppet 2.7.22 | Windows |
| CVE-2013-3567 is fixed in Ruby-puppet 3.2.2 | Windows |
| CVE-2013-3567 is fixed in Ruby-puppet for Linux 2.7.22 | Linux |
| CVE-2013-3567 is fixed in Ruby-puppet for Linux 3.2.2 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234