The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.
References
Link | Resource |
---|---|
http://puppetlabs.com/security/cve/cve-2013-4966 | Vendor Advisory |
http://www.securitytracker.com/id/1029873 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2014-03-09 13:16
Updated : 2024-02-28 12:20
NVD link : CVE-2013-4966
Mitre link : CVE-2013-4966
CVE.ORG link : CVE-2013-4966
JSON object : View
Products Affected
puppet
- puppet_enterprise
CWE
CWE-287
Improper Authentication