Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
puppet puppet |
||
puppet puppet 2.7.11 |
||
puppet puppet 2.7.12 |
||
puppet puppet 2.7.13 |
||
puppet puppet 2.7.14 |
||
puppetlabs puppet 2.7.0 |
||
puppet puppet 2.7.7 |
||
puppet puppet 2.7.9 |
||
puppet puppet 2.7.17 |
||
puppetlabs puppet 2.7.19 |
||
puppetlabs puppet 2.7.1 |
||
puppet puppet 2.7.6 |
||
puppet puppet 2.7.8 |
||
puppet puppet 2.7.10 |
||
puppet puppet 2.7.16 |
||
puppet puppet 2.7.18 |
||
puppet puppet 2.7.2 |
||
puppet puppet 2.7.3 |
||
puppet puppet 2.7.4 |
||
puppet puppet 2.7.5 |
||
puppetlabs puppet 2.7.20 |
||
puppet puppet enterprise 3.1.0 |
||
puppetlabs puppet 1.2.3 |
||
puppetlabs puppet 1.2.4 |
||
puppetlabs puppet 1.2.5 |
||
puppetlabs puppet 1.2.6 |
||
puppetlabs puppet 1.2.1 |
||
puppetlabs puppet 1.1 |
||
puppetlabs puppet 1.2.0 |
||
puppetlabs puppet 1.2.2 |
||
puppetlabs puppet 1.0 |
||
puppet puppet enterprise 2.7.0 |
||
puppet puppet enterprise 2.7.1 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 12.10 |
Vulmon