CVE-2013-1398

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions prior to 2.7.1

Description The issue concerns improper access restriction to a catalog of private SSL keys. This allows remote authenticated users with root access to a node to obtain sensitive information and gain privileges, specifically when the master role is involved.

Recommendations For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue.