First published: Wed Mar 20 2013(Updated: )
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Puppet Puppet | >=2.6.0<=2.6.17 | |
Puppet Puppet | =2.7.2 | |
Puppet Puppet | =2.7.3 | |
Puppet Puppet | =2.7.4 | |
Puppet Puppet | =2.7.5 | |
Puppet Puppet | =2.7.6 | |
Puppet Puppet | =2.7.7 | |
Puppet Puppet | =2.7.8 | |
Puppet Puppet | =2.7.9 | |
Puppet Puppet | =2.7.10 | |
Puppet Puppet | =2.7.11 | |
Puppet Puppet | =2.7.12 | |
Puppet Puppet | =2.7.13 | |
Puppet Puppet | =2.7.14 | |
Puppet Puppet | =2.7.16 | |
Puppet Puppet | =2.7.17 | |
Puppet Puppet | =2.7.18 | |
Puppetlabs Puppet | =2.7.0 | |
Puppetlabs Puppet | =2.7.1 | |
Puppetlabs Puppet | =2.7.19 | |
Puppetlabs Puppet | =2.7.20 | |
Puppetlabs Puppet | =2.7.20-rc1 | |
Puppet Puppet Enterprise | =3.1.0 | |
Puppetlabs Puppet | =1.0 | |
Puppetlabs Puppet | =1.1 | |
Puppetlabs Puppet | =1.2.0 | |
Puppetlabs Puppet | =1.2.1 | |
Puppetlabs Puppet | =1.2.2 | |
Puppetlabs Puppet | =1.2.3 | |
Puppetlabs Puppet | =1.2.4 | |
Puppetlabs Puppet | =1.2.5 | |
Puppetlabs Puppet | =1.2.6 | |
Puppet Puppet Enterprise | =2.7.0 | |
Puppet Puppet Enterprise | =2.7.1 | |
Canonical Ubuntu Linux | =11.10 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.