{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-06T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-14T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://puppetlabs.com/security/cve/cve-2013-1399"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1399", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://puppetlabs.com/security/cve/cve-2013-1399", "refsource": "CONFIRM", "url": "https://puppetlabs.com/security/cve/cve-2013-1399"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1399", "datePublished": "2014-03-14T16:00:00", "dateReserved": "2013-01-17T00:00:00", "dateUpdated": "2014-03-14T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "945DC555-EDBC-4D34-B5CF-7AFDE130D4F4", "versionEndIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCFA5742-38F2-43BD-9C90-E4F447F55684", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "32A5E42D-9626-4FC8-A032-4CD4FA1255BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "06F0697C-A1BF-42FE-A036-F3E6FAB30A87", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*", "matchCriteriaId": "27BEF40A-546D-4A5D-8173-A6E3C715B4B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.6.0:-:enterprise:*:*:*:*:*", "matchCriteriaId": "FD3AE9E5-5439-439B-A628-1CCEB45D63AF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en los componentes (1) gesti\u00f3n de solicitudes de nodo, (2) gesti\u00f3n viva y (3) administraci\u00f3n de usuario en la consola en Puppet Enterprise (PE) anterior a 2.7.1 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2013-1399", "lastModified": "2019-07-10T18:02:35.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-03-14T16:55:04.660", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://puppetlabs.com/security/cve/cve-2013-1399"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}