CVE-2013-1653
EPSS 2.0%
Description
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
How to fix CVE-2013-1653
To remediate CVE-2013-1653, upgrade the affected package to the fixed version listed below.
- Debian/puppet: upgrade to 2.7.18-3 or later
Is CVE-2013-1653 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.7.18-3