The (1) template and (2) inline_template functions in the master server in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppet puppet |
||
puppet puppet 3.1.0 |
||
puppet puppet enterprise |
||
puppet puppet enterprise 2.7.0 |
||
puppet puppet enterprise 2.7.1 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 12.10 |