CVE-2013-1652

Name of the Vulnerable Software and Affected Versions Puppet versions prior to 2.6.18 Puppet versions 2.7.x prior to 2.7.21 Puppet versions 3.1.x prior to 3.1.1 Puppet Enterprise versions prior to 1.2.7 Puppet Enterprise versions 2.7.x prior to 2.7.2

Description The issue allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely by an attacker who has passed the authentication procedure.

Recommendations For Puppet versions prior to 2.6.18, update to version 2.6.18 or later. For Puppet versions 2.7.x prior to 2.7.21, update to version 2.7.21 or later. For Puppet versions 3.1.x prior to 3.1.1, update to version 3.1.1 or later. For Puppet Enterprise versions prior to 1.2.7, update to version 1.2.7 or later. For Puppet Enterprise versions 2.7.x prior to 2.7.2, update to version 2.7.2 or later.