CVE-2013-1640

Name of the Vulnerable Software and Affected Versions Puppet versions prior to 2.6.18 Puppet versions 2.7.x prior to 2.7.21 Puppet versions 3.1.x prior to 3.1.1 Puppet Enterprise versions prior to 1.2.7 Puppet Enterprise versions 2.7.x prior to 2.7.2

Description The issue allows remote authenticated users to execute arbitrary code via a crafted catalog request. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely by an attacker who has passed the authentication procedure.

Recommendations For Puppet versions prior to 2.6.18, update to version 2.6.18 or later. For Puppet versions 2.7.x prior to 2.7.21, update to version 2.7.21 or later. For Puppet versions 3.1.x prior to 3.1.1, update to version 3.1.1 or later. For Puppet Enterprise versions prior to 1.2.7, update to version 1.2.7 or later. For Puppet Enterprise versions 2.7.x prior to 2.7.2, update to version 2.7.2 or later.