CVE-2013-4761

Name of the Vulnerable Software and Affected Versions Puppet versions 2.7.x through 2.7.22 Puppet versions 3.2.x through 3.2.3 Puppet Enterprise versions 2.8.x through 2.8.2 Puppet Enterprise versions 3.0.x through 3.0.0

Description The issue allows remote attackers to execute arbitrary Ruby programs from the master via the resource type service, potentially leading to disruption of confidentiality, integrity, and availability of protected information. This can be exploited by an attacker who has undergone authentication procedures. The exploitation requires unspecified local file system access to the Puppet Master.

Recommendations For Puppet versions 2.7.x through 2.7.22, update to version 2.7.23 or later. For Puppet versions 3.2.x through 3.2.3, update to version 3.2.4 or later. For Puppet Enterprise versions 2.8.x through 2.8.2, update to version 2.8.3 or later. For Puppet Enterprise versions 3.0.x through 3.0.0, update to version 3.0.1 or later.