The pxp-agent component in Puppet Enterprise 2015.3.x prior to 2015.3.3 and Puppet Agent 1.3.x prior to 1.3.6 does not properly validate server certificates, which might allow remote malicious users to spoof brokers and execute arbitrary commands via a crafted certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppet puppet agent 1.3.0 |
||
puppet puppet agent 1.3.1 |
||
puppet puppet agent 1.3.2 |
||
puppet puppet agent 1.3.4 |
||
puppet puppet agent 1.3.5 |
||
puppet puppet enterprise 2015.3.0 |
||
puppet puppet enterprise 2015.3.2 |