Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2013-3567
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-19 Aug, 2013 | 23:55
Updated At-11 Apr, 2025 | 00:51

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>2.7.2
cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>2.7.10
cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>2.7.11
cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>2.7.12
cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>2.7.13
cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>2.7.14
cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>2.7.16
cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>2.7.17
cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>2.7.18
cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>2.7.21
cpe:2.3:a:puppet:puppet:2.7.21:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet>>3.2.1
cpe:2.3:a:puppet:puppet:3.2.1:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>2.7.0
cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>2.7.1
cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>2.7.19
cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>2.7.20
cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>2.7.20
cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>3.2.0
cpe:2.3:a:puppetlabs:puppet:3.2.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>13.04
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Novell
novell
>>suse_linux_enterprise_desktop>>11
cpe:2.3:o:novell:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
Novell
novell
>>suse_linux_enterprise_desktop>>11.0
cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp2:*:*:*:*:*:*
Novell
novell
>>suse_linux_enterprise_server>>11.0
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2:*:*:*:vmware:*:*
Novell
novell
>>suse_linux_enterprise_server>>11.0
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*
Novell
novell
>>suse_linux_enterprise_server>>11.0
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet_enterprise>>Versions up to 2.8.1(inclusive)
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet_enterprise>>1.0
cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet_enterprise>>1.1
cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet_enterprise>>1.2.0
cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet_enterprise>>2.0.0
cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet_enterprise>>2.5.1
cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet_enterprise>>2.5.2
cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppet
>>puppet_enterprise>>2.8.0
cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>1.0.0
cpe:2.3:a:puppetlabs:puppet:1.0.0:-:enterprise:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>1.1.0
cpe:2.3:a:puppetlabs:puppet:1.1.0:-:enterprise:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>1.2.0
cpe:2.3:a:puppetlabs:puppet:1.2.0:-:enterprise:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>2.5.0
cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>2.6.0
cpe:2.3:a:puppetlabs:puppet:2.6.0:-:enterprise:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>2.7.0
cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>2.7.1
cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*
Perforce Software, Inc. ("Puppet")
puppetlabs
>>puppet>>2.7.2
cpe:2.3:a:puppetlabs:puppet:2.7.2:-:enterprise:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2013-1283.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2013-1284.htmlcve@mitre.org
N/A
http://secunia.com/advisories/54429cve@mitre.org
Vendor Advisory
http://www.debian.org/security/2013/dsa-2715cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1886-1cve@mitre.org
N/A
https://puppetlabs.com/security/cve/cve-2013-3567/cve@mitre.org
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-1283.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-1284.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/54429af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2013/dsa-2715af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1886-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://puppetlabs.com/security/cve/cve-2013-3567/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Change History
0Changes found
Details not found