CVE-2013-4956

Name of the Vulnerable Software and Affected Versions Puppet versions 2.7.x through 2.7.22 Puppet versions 3.2.x through 3.2.3 Puppet Enterprise versions 2.8.x through 2.8.2 Puppet Enterprise versions 3.0.x through 3.0.0

Description The issue allows local users to read or modify modules due to weak permissions set during the original build of the modules. This might lead to a breach of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely by an authenticated attacker.

Recommendations For Puppet versions 2.7.x through 2.7.22, update to version 2.7.23 or later. For Puppet versions 3.2.x through 3.2.3, update to version 3.2.4 or later. For Puppet Enterprise versions 2.8.x through 2.8.2, update to version 2.8.3 or later. For Puppet Enterprise versions 3.0.x through 3.0.0, update to version 3.0.1 or later.