CVE-2013-2275
EPSS 0.38%
Description
The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.
How to fix CVE-2013-2275
To remediate CVE-2013-2275, upgrade the affected package to a fixed version below.
- Debian/puppet—upgrade to 2.7.18-3 or later
Is CVE-2013-2275 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.7.18-3