First published: Fri Mar 07 2014(Updated: )
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Puppet Puppet Enterprise | <=3.1.1 | |
Puppet Puppet Enterprise | =3.0.0 | |
Puppet Puppet Enterprise | =3.0.1 | |
Puppet Puppet Enterprise | =3.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.