Puppet Server prior to 2.3.2 and Ruby puppetmaster in Puppet 4.x prior to 4.4.2 and in Puppet Agent prior to 1.4.2 might allow remote malicious users to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppet puppet 4.0.0 |
||
puppet puppet 4.1.0 |
||
puppet puppet 4.2.0 |
||
puppet puppet 4.2.1 |
||
puppet puppet 4.2.2 |
||
puppet puppet 4.2.3 |
||
puppet puppet 4.3.0 |
||
puppet puppet 4.3.1 |
||
puppet puppet 4.3.2 |
||
puppet puppet 4.4.0 |
||
puppet puppet 4.4.1 |
||
puppet puppet server 2.0.0 |
||
puppet puppet server 2.1.0 |
||
puppet puppet server 2.1.1 |
||
puppet puppet server 2.1.2 |
||
puppet puppet server 2.2.0 |
||
puppet puppet server 2.3.0 |
||
puppet puppet server 2.3.1 |
||
puppet puppet agent 1.4.1 |