The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.
References
Link | Resource |
---|---|
http://puppetlabs.com/security/cve/cve-2013-4966 | Vendor Advisory |
http://www.securitytracker.com/id/1029873 | |
http://puppetlabs.com/security/cve/cve-2013-4966 | Vendor Advisory |
http://www.securitytracker.com/id/1029873 |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://puppetlabs.com/security/cve/cve-2013-4966 - Vendor Advisory | |
References | () http://www.securitytracker.com/id/1029873 - |
Information
Published : 2014-03-09 13:16
Updated : 2024-11-21 01:56
NVD link : CVE-2013-4966
Mitre link : CVE-2013-4966
CVE.ORG link : CVE-2013-4966
JSON object : View
Products Affected
puppet
- puppet_enterprise
CWE
CWE-287
Improper Authentication