Puppet Multiple Security Vulnerabilities

Puppet is prone to multiple security vulnerabilities including information-disclosure, arbitrary file-delete, and insufficient input-validation for agent certificate names.

Attackers can exploit these issues to disclose sensitive-information, delete arbitrary files, or perform man-in-the-middle attacks.

The following versions are vulnerable:

Puppet Enterprise versions prior to 2.5.2
Puppet versions prior to 2.6.17 and prior to 2.7.18


 

Privacy Statement
Copyright 2010, SecurityFocus