Unspecified vulnerability in Puppet 2.7.x prior to 2.7.23 and 3.2.x prior to 3.2.4, and Puppet Enterprise 2.8.x prior to 2.8.3 and 3.0.x prior to 3.0.1, allows remote malicious users to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppetlabs puppet 3.2.0 |
||
puppet puppet 3.2.1 |
||
puppet puppet 3.2.2 |
||
puppet puppet 3.2.3 |
||
puppet puppet 2.7.2 |
||
puppetlabs puppet 2.7.1 |
||
puppetlabs puppet 2.7.0 |
||
puppet puppet enterprise 3.0.0 |
||
puppet puppet enterprise 2.8.2 |
||
puppet puppet enterprise 2.8.0 |
||
puppet puppet enterprise 2.8.1 |