FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 04:12:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b162b218-c547-4ba2-ae31-6fdcb61bc763	puppet -- Unauthenticated Remote Code Execution Vulnerability Puppet Developers report: When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload. Discovery 2013-06-13 Entry 2013-06-22 Modified 2013-08-01 puppet ge 2.7 lt 2.7.22 ge 3.0 lt 3.2.2 CVE-2013-3567
2b2f6092-0694-11e3-9e8e-000c29f6ae42	puppet -- multiple vulnerabilities Puppet Labs reports: By using the `resource_type` service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node's file system. While this behavior is not enabled by default, `auth.conf` settings could be modified to allow it. The exploit requires local file system access to the Puppet Master. Puppet Module Tool (PMT) did not correctly control permissions of modules it installed, instead transferring permissions that existed when the module was built. Discovery 2013-07-05 Entry 2013-08-16 puppet ge 2.7 lt 2.7.23 ge 3.0 lt 3.2.4 CVE-2013-4761 CVE-2013-4956 http://puppetlabs.com/security/cve/cve-2013-4761/ http://puppetlabs.com/security/cve/cve-2013-4956/

VuXML ID

Description

b162b218-c547-4ba2-ae31-6fdcb61bc763

puppet -- Unauthenticated Remote Code Execution Vulnerability

Puppet Developers report:

When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload.

Discovery 2013-06-13
Entry 2013-06-22
Modified 2013-08-01
puppet

ge 2.7 lt 2.7.22

ge 3.0 lt 3.2.2

CVE-2013-3567

2b2f6092-0694-11e3-9e8e-000c29f6ae42

puppet -- multiple vulnerabilities

Puppet Labs reports:

By using the `resource_type` service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node's file system. While this behavior is not enabled by default, `auth.conf` settings could be modified to allow it. The exploit requires local file system access to the Puppet Master.

Puppet Module Tool (PMT) did not correctly control permissions of modules it installed, instead transferring permissions that existed when the module was built.

Discovery 2013-07-05
Entry 2013-08-16
puppet

ge 2.7 lt 2.7.23

ge 3.0 lt 3.2.4

CVE-2013-4761
CVE-2013-4956
http://puppetlabs.com/security/cve/cve-2013-4761/
http://puppetlabs.com/security/cve/cve-2013-4956/