CVE-2013-2274
EPSS 1.9%
Description
Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
How to fix CVE-2013-2274
To remediate CVE-2013-2274, upgrade the affected package to a fixed version below.
- Debian/puppet—upgrade to 2.7-1 or later
Is CVE-2013-2274 being exploited?
Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.7-1