First published: Tue Aug 20 2013(Updated: )
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Puppet Puppet | =3.2.1 | |
Puppet Puppet | =3.2.2 | |
Puppet Puppet | =3.2.3 | |
Puppetlabs Puppet | =3.2.0 | |
Puppet Puppet | =2.7.2 | |
Puppetlabs Puppet | =2.7.0 | |
Puppetlabs Puppet | =2.7.1 | |
Puppet Puppet Enterprise | =2.8.0 | |
Puppet Puppet Enterprise | =2.8.1 | |
Puppet Puppet Enterprise | =2.8.2 | |
Puppet Puppet Enterprise | =3.0.0 | |
rubygems/puppet | >=3.2.0<3.2.4 | 3.2.4 |
rubygems/puppet | >=2.7.0<2.7.23 | 2.7.23 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.