Puppet: >> Puppet Enterprise >> 2.8.1 Security Vulnerabilities
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.
CVSS Score
5.0
EPSS Score
0.003
Published
2013-08-20
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
CVSS Score
7.5
EPSS Score
0.111
Published
2013-08-19
Page 5