CVE-2013-2274

Name of the Vulnerable Software and Affected Versions Puppet versions 2.6.x through 2.6.17 Puppet Enterprise versions 1.2.x through 1.2.6 Puppet versions prior to 2.7.23

Description The issue allows remote authenticated users to execute arbitrary code on the puppet master or an agent with puppet kick enabled via a crafted request for a report. Multiple vulnerabilities in the puppet package can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely by an authenticated attacker.

Recommendations For Puppet versions 2.6.x through 2.6.17, update to version 2.6.18 or later. For Puppet Enterprise versions 1.2.x through 1.2.6, update to version 1.2.7 or later. For Puppet versions prior to 2.7.23, update to version 2.7.23 or later.