The master external node classification script in Puppet Enterprise prior to 3.2.0 does not verify the identity of consoles, which allows remote malicious users to create arbitrary classifications on the master by spoofing a console.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppet puppet enterprise 3.1.0 |
||
puppet puppet enterprise |
||
puppet puppet enterprise 3.0.0 |
||
puppet puppet enterprise 3.0.1 |