{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-12T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-04-11T09:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SU-2013:0618", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"}, {"name": "RHSA-2013:0710", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html"}, {"name": "DSA-2643", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2643"}, {"name": "52596", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52596"}, {"name": "USN-1759-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1759-1"}, {"name": "openSUSE-SU-2013:0641", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppetlabs.com/security/cve/cve-2013-1640/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1640", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2013:0618", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"}, {"name": "RHSA-2013:0710", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html"}, {"name": "DSA-2643", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2643"}, {"name": "52596", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52596"}, {"name": "USN-1759-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-1759-1"}, {"name": "openSUSE-SU-2013:0641", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"}, {"name": "https://puppetlabs.com/security/cve/cve-2013-1640/", "refsource": "CONFIRM", "url": "https://puppetlabs.com/security/cve/cve-2013-1640/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:31.581Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2013:0618", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"}, {"name": "RHSA-2013:0710", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html"}, {"name": "DSA-2643", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2643"}, {"name": "52596", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52596"}, {"name": "USN-1759-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-1759-1"}, {"name": "openSUSE-SU-2013:0641", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppetlabs.com/security/cve/cve-2013-1640/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1640", "datePublished": "2013-03-20T16:00:00.000Z", "dateReserved": "2013-02-10T00:00:00.000Z", "dateUpdated": "2024-08-06T15:13:31.581Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD53B762-9C74-4167-8FD3-6588B3B47B83", "versionEndExcluding": "2.6.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F50C0A2-ADA1-4E40-BDEF-7A1572D08F95", "versionEndExcluding": "2.7.21", "versionStartIncluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD614CEE-B26B-489E-8AEC-17B48804B3AF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FC20F75-6A06-42C4-947D-827C7BD1F15A", "versionEndExcluding": "1.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3227E6D-27C8-4D6C-A9B7-713558FD9947", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3153F6B2-9CB2-4A1D-834B-33820EC8F0A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request."}, {"lang": "es", "value": "La funciones (1) template y (2) inline_template en el servidor maestro en Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21, y v3.1.x anterior a v3.1.1, permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud de cat\u00e1logo especialmente dise\u00f1ado."}], "evaluatorImpact": "Per http://www.ubuntu.com/usn/usn-1759-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\"", "id": "CVE-2013-1640", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-20T16:55:01.723", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/52596"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://ubuntu.com/usn/usn-1759-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2643"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://puppetlabs.com/security/cve/cve-2013-1640/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/52596"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://ubuntu.com/usn/usn-1759-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2643"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://puppetlabs.com/security/cve/cve-2013-1640/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Puppet Labs for reporting this issue.", "affected_release": [{"advisory": "RHSA-2013:0710", "cpe": "cpe:/a:redhat:openstack:2::el6", "package": "puppet-0:2.6.18-1.el6ost", "product_name": "OpenStack Folsom for RHEL 6", "release_date": "2013-04-04T00:00:00Z"}], "bugzilla": {"description": "Puppet: catalog request code execution", "id": "919783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919783"}, "csaw": false, "cvss": {"cvss_base_score": "6.5", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-502", "details": ["The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request."], "name": "CVE-2013-1640", "package_state": [{"cpe": "cpe:/a:cloudforms_tools:1", "fix_state": "Will not fix", "package_name": "puppet", "product_name": "Red Hat CloudForms Tools 1"}, {"cpe": "cpe:/a:redhat:openstack:2.1", "fix_state": "Affected", "package_name": "puppet", "product_name": "Red Hat OpenStack Platform 2.1"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Affected", "package_name": "puppet", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2013-03-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1640\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1640"], "threat_severity": "Important"}

{}