Puppet Multiple Security Vulnerabilities
Puppet is prone to multiple security vulnerabilities including information-disclosure, arbitrary file-delete, and insufficient input-validation for agent certificate names.
Attackers can exploit these issues to disclose sensitive-information, delete arbitrary files, or perform man-in-the-middle attacks.
The following versions are vulnerable:
Puppet Enterprise versions prior to 2.5.2
Puppet versions prior to 2.6.17 and prior to 2.7.18