First published: Wed Mar 20 2013(Updated: )
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Puppet Puppet | <2.6.18 | |
Puppet Puppet | >=2.7.0<2.7.21 | |
Puppet Puppet | =3.1.0 | |
Puppet Puppet Enterprise | <1.2.7 | |
Puppet Puppet Enterprise | =2.7.0 | |
Puppet Puppet Enterprise | =2.7.1 | |
Canonical Ubuntu Linux | =11.10 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.