CVE-2013-2275

Name of the Vulnerable Software and Affected Versions Puppet versions prior to 2.7.23 Puppet versions 0.25.0 through 2.6.18 Puppet versions 2.7.x through 2.7.20 Puppet versions 3.1.x through 3.1.0 Puppet Enterprise versions prior to 1.2.7 Puppet Enterprise versions 2.7.x through 2.7.1

Description The issue affects the puppet package in Gentoo Linux and allows remote authenticated attackers to exploit multiple vulnerabilities, potentially leading to breaches of confidentiality, integrity, and availability of protected information. The default configuration of puppet masters enables remote authenticated nodes to submit reports for other nodes via unspecified vectors.

Recommendations For Puppet versions prior to 2.7.23, update to version 2.7.23 or later. For Puppet versions 0.25.0 through 2.6.18, update to version 2.6.18 or later. For Puppet versions 2.7.x through 2.7.20, update to version 2.7.21 or later. For Puppet versions 3.1.x through 3.1.0, update to version 3.1.1 or later. For Puppet Enterprise versions prior to 1.2.7, update to version 1.2.7 or later. For Puppet Enterprise versions 2.7.x through 2.7.1, update to version 2.7.2 or later.