MidnightBSD

Advisories for puppetlabs

CVE-2011-3848 MEDIUM

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
puppet puppet 2.6.2
puppet puppet 2.6.9
puppet puppet 2.6.7
puppet puppet 2.6.8
puppet puppet 2.6.4
puppet puppet 2.7.3
puppet puppet 2.6.6
puppetlabs puppet 2.7.1
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet 2.7.2
puppet puppet 2.6.0
puppetlabs puppet 2.7.0
puppet puppet 2.6.3
CVE-2011-3869 MEDIUM

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
puppet puppet 2.6.2
puppet puppet 2.6.9
puppet puppet 0.25.1
puppet puppet 2.6.7
puppet puppet 2.6.8
puppet puppet 0.25.3
puppet puppet 2.6.4
puppet puppet 2.7.3
puppet puppet 2.6.10
puppet puppet 2.6.6
puppetlabs puppet 2.7.1
puppet puppet 2.7.4
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet 2.7.2
puppet puppet 0.25.0
puppet puppet 2.6.0
puppet puppet 0.25.5
puppet puppet 0.25.4
puppet puppet 0.25.6
puppetlabs puppet 2.7.0
puppet puppet 0.25.2
puppet puppet 2.6.3
CVE-2011-3870 MEDIUM

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
puppet puppet 2.6.2
puppet puppet 2.6.9
puppet puppet 0.25.1
puppet puppet 2.6.7
puppet puppet 2.6.8
puppet puppet 0.25.3
puppet puppet 2.6.4
puppet puppet 2.7.3
puppet puppet 2.6.10
puppet puppet 2.6.6
puppetlabs puppet 2.7.1
puppet puppet 2.7.4
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet 2.7.2
puppet puppet 0.25.0
puppet puppet 2.6.0
puppet puppet 0.25.5
puppet puppet 0.25.4
puppet puppet 0.25.6
puppetlabs puppet 2.7.0
puppet puppet 0.25.2
puppet puppet 2.6.3
CVE-2011-3871 MEDIUM

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
puppet puppet 2.6.2
puppet puppet 2.6.9
puppet puppet 0.25.1
puppet puppet 2.6.7
puppet puppet 2.6.8
puppet puppet 0.25.3
puppet puppet 2.6.4
puppet puppet 2.7.3
puppet puppet 2.6.10
puppet puppet 2.6.6
puppetlabs puppet 2.7.1
puppet puppet 2.7.4
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet 2.7.2
puppet puppet 0.25.0
puppet puppet 2.6.0
puppet puppet 0.25.5
puppet puppet 0.25.4
puppet puppet 0.25.6
puppetlabs puppet 2.7.0
puppet puppet 0.25.2
puppet puppet 2.6.3
CVE-2011-3872 LOW

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
puppet puppet 2.6.2
puppet puppet 2.6.11
puppet puppet 2.6.8
puppet puppet 2.6.4
puppet puppet 2.7.3
puppet puppet 2.6.10
puppetlabs puppet_enterprise_users 1.0
puppet puppet 2.7.4
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet_enterprise 1.2.1
puppet puppet 2.6.0
puppetlabs puppet 2.7.0
puppet puppet 2.6.3
puppetlabs puppet_enterprise_users 1.1
puppet puppet 2.6.9
puppet puppet 2.6.7
puppet puppet_enterprise 1.2.3
puppet puppet 2.6.6
puppetlabs puppet 2.7.1
puppet puppet 2.7.2
puppet puppet_enterprise 1.2.0
puppet puppet_enterprise 1.2.2
CVE-2012-1053 MEDIUM

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
puppet puppet 2.6.2
puppet puppet 2.6.11
puppet puppet 2.6.8
puppet puppet 2.6.4
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.10
puppet puppet 2.6.10
puppet puppet_enterprise 2.0.1
puppetlabs puppet_enterprise_users 1.0
puppet puppet 2.7.4
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet 2.7.8
puppet puppet_enterprise 1.2.4
puppet puppet_enterprise 1.2.1
puppet puppet 2.6.0
puppet puppet_enterprise 2.0.2
puppetlabs puppet 2.7.0
puppet puppet 2.6.3
puppet puppet 2.6.12
puppetlabs puppet_enterprise_users 1.1
puppet puppet 2.6.9
puppet puppet 2.6.7
puppet puppet 2.6.13
puppet puppet 2.7.7
puppet puppet_enterprise 1.2.3
puppet puppet 2.7.6
puppet puppet 2.6.6
puppetlabs puppet 2.7.1
puppet puppet 2.7.2
puppet puppet_enterprise 1.2.0
puppet puppet_enterprise 2.0.0
puppet puppet_enterprise 1.2.2
CVE-2012-1054 MEDIUM

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
puppet puppet 2.6.2
puppet puppet 2.6.11
puppet puppet 2.6.8
puppet puppet 2.6.4
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.10
puppet puppet 2.6.10
puppet puppet_enterprise 2.0.1
puppetlabs puppet_enterprise_users 1.0
puppet puppet 2.7.4
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet 2.7.8
puppet puppet_enterprise 1.2.4
puppet puppet_enterprise 1.2.1
puppet puppet 2.6.0
puppet puppet_enterprise 2.0.2
puppetlabs puppet 2.7.0
puppet puppet 2.6.3
puppet puppet 2.6.12
puppetlabs puppet_enterprise_users 1.1
puppet puppet 2.6.9
puppet puppet 2.6.7
puppet puppet 2.6.13
puppet puppet 2.7.7
puppet puppet_enterprise 1.2.3
puppet puppet 2.7.6
puppet puppet 2.6.6
puppetlabs puppet 2.7.1
puppet puppet 2.7.2
puppet puppet_enterprise 1.2.0
puppet puppet_enterprise 2.0.0
puppet puppet_enterprise 1.2.2
CVE-2012-1906 LOW

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
puppet puppet 2.6.2
puppet puppet 2.6.11
puppet puppet 2.6.8
puppet puppet 2.6.4
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.10
puppet puppet 2.6.10
puppet puppet_enterprise 2.0.1
puppetlabs puppet_enterprise_users 1.0
puppet puppet 2.7.4
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet 2.7.8
puppet puppet_enterprise 1.2.4
puppet puppet_enterprise 1.2.1
puppet puppet 2.6.0
puppet puppet_enterprise 2.0.2
puppet puppet_enterprise 2.5.0
puppetlabs puppet 2.7.0
puppet puppet 2.6.3
puppet puppet 2.6.12
puppetlabs puppet_enterprise_users 1.1
puppet puppet 2.6.9
puppet puppet 2.6.7
puppet puppet 2.6.13
puppet puppet 2.7.7
puppet puppet 2.7.11
puppet puppet_enterprise 1.2.3
puppet puppet 2.7.6
puppet puppet 2.6.14
puppet puppet 2.6.6
puppetlabs puppet 2.7.1
puppet puppet 2.7.2
puppet puppet_enterprise 1.2.0
puppet puppet_enterprise 2.0.0
puppet puppet_enterprise 1.2.2
CVE-2012-1986 LOW

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
puppet puppet 2.6.2
puppet puppet 2.6.11
puppet puppet 2.6.8
puppet puppet 2.6.4
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.10
puppet puppet 2.6.10
puppet puppet_enterprise 2.0.1
puppetlabs puppet_enterprise_users 1.0
puppet puppet 2.7.4
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet 2.7.8
puppet puppet_enterprise 1.2.4
puppet puppet_enterprise 1.2.1
puppet puppet 2.6.0
puppet puppet_enterprise 2.0.2
puppet puppet_enterprise 2.5.0
puppetlabs puppet 2.7.0
puppet puppet 2.6.3
puppet puppet 2.6.12
puppetlabs puppet_enterprise_users 1.1
puppet puppet 2.6.9
puppet puppet 2.6.7
puppet puppet 2.6.13
puppet puppet 2.7.7
puppet puppet 2.7.11
puppet puppet_enterprise 1.2.3
puppet puppet 2.7.6
puppet puppet 2.6.14
puppet puppet 2.6.6
puppetlabs puppet 2.7.1
puppet puppet 2.7.2
puppet puppet_enterprise 1.2.0
puppet puppet_enterprise 2.0.0
puppet puppet_enterprise 1.2.2
CVE-2012-1989 LOW

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
puppet puppet 2.7.11
puppet puppet_enterprise 1.2.3
puppet puppet 2.7.6
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.12
puppet puppet 2.7.10
puppet puppet_enterprise 2.0.1
puppetlabs puppet 2.7.1
puppet puppet 2.7.4
puppet puppet 2.7.8
puppet puppet_enterprise 1.2.4
puppet puppet_enterprise 1.2.0
puppet puppet_enterprise 1.2.1
puppet puppet_enterprise 2.0.2
puppet puppet_enterprise 2.0.0
puppet puppet_enterprise 2.5.0
puppetlabs puppet 2.7.0
puppet puppet_enterprise 1.2.2
CVE-2013-1398 HIGH

The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
puppet puppet_enterprise *
puppet puppet_enterprise 2.5.1
puppetlabs puppet 2.6.0
puppet puppet_enterprise 2.5.2
puppet puppet_enterprise 2.0.0
puppetlabs puppet 2.5.0
CVE-2013-1399 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
puppet puppet_enterprise *
puppet puppet_enterprise 2.5.1
puppetlabs puppet 2.6.0
puppet puppet_enterprise 2.5.2
puppet puppet_enterprise 2.0.0
puppetlabs puppet 2.5.0
CVE-2013-1652 MEDIUM

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
canonical ubuntu_linux 12.10
canonical ubuntu_linux 11.10
puppet puppet 2.7.14
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.10
puppetlabs puppet 2.7.20
puppet puppet 2.7.4
puppet puppet 2.7.8
puppetlabs puppet *
puppet puppet 2.7.13
puppet puppet_enterprise 2.7.1
puppetlabs puppet 2.7.0
puppet puppet 2.7.18
puppet puppet 2.7.17
puppet puppet_enterprise 3.1.0
puppet puppet 2.7.7
puppet puppet 2.7.11
puppet puppet 2.7.6
puppet puppet 2.7.12
puppet puppet 2.7.16
puppetlabs puppet 2.7.1
puppetlabs puppet 2.7.19
puppet puppet 2.7.2
puppet puppet_enterprise 2.7.0
canonical ubuntu_linux 12.04
CVE-2013-1653 HIGH

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
puppetlabs puppet 1.2.3
puppetlabs puppet 1.1
canonical ubuntu_linux 12.10
puppetlabs puppet 1.2.6
canonical ubuntu_linux 11.10
puppet puppet 2.7.14
puppetlabs puppet 1.2.0
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.10
puppetlabs puppet 2.7.20
puppetlabs puppet 1.2.1
puppet puppet 2.7.4
puppet puppet 2.7.8
puppet puppet 2.7.13
puppet puppet_enterprise 2.7.1
puppetlabs puppet 2.7.0
puppetlabs puppet 1.2.4
puppet puppet 2.7.18
puppet puppet 2.7.17
puppetlabs puppet 1.2.5
puppet puppet_enterprise 3.1.0
puppet puppet *
puppet puppet 2.7.7
puppet puppet 2.7.11
puppet puppet 2.7.6
puppetlabs puppet 1.0
puppet puppet 2.7.12
puppet puppet 2.7.16
puppetlabs puppet 2.7.1
puppetlabs puppet 2.7.19
puppet puppet 2.7.2
puppetlabs puppet 1.2.2
puppet puppet_enterprise 2.7.0
canonical ubuntu_linux 12.04
CVE-2013-1654 MEDIUM

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
canonical ubuntu_linux 12.10
canonical ubuntu_linux 11.10
puppet puppet 2.7.14
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.10
puppetlabs puppet 2.7.20
puppet puppet 2.7.4
puppet puppet 2.7.8
puppet puppet 2.7.13
puppetlabs puppet 2.7.0
puppet puppet 2.7.18
puppet puppet 2.7.17
puppet puppet_enterprise 3.1.0
puppet puppet 2.7.7
puppet puppet 2.7.11
puppet puppet 2.7.6
puppet puppet 2.7.12
puppet puppet 2.7.16
puppetlabs puppet 2.7.1
puppetlabs puppet 2.7.19
puppet puppet 2.7.2
canonical ubuntu_linux 12.04
CVE-2013-1655 HIGH

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
puppet puppet 2.7.18
puppet puppet 2.7.17
puppet puppet_enterprise 3.1.0
puppet puppet 2.7.7
puppet puppet 2.7.11
puppet puppet 2.7.14
puppet puppet 2.7.6
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.12
puppet puppet 2.7.10
puppet puppet 2.7.16
puppetlabs puppet 2.7.20
puppetlabs puppet 2.7.1
puppetlabs puppet 2.7.19
puppet puppet 2.7.4
puppet puppet 2.7.2
puppet puppet 2.7.8
puppet puppet 2.7.13
puppetlabs puppet 2.7.0
CVE-2013-2274 MEDIUM

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
puppet puppet 2.6.2
puppet puppet 2.6.9
puppet puppet 2.6.11
puppet puppet 2.6.7
puppet puppet 2.6.8
puppet puppet 2.6.16
puppet puppet 2.6.4
puppet puppet 2.6.13
puppetlabs puppet 2.6.17
puppet puppet 2.6.10
puppet puppet 2.6.14
puppet puppet 2.6.6
puppet puppet 2.6.15
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet_enterprise 1.2.0
puppet puppet 2.6.0
puppet puppet 2.6.3
puppet puppet 2.6.12
CVE-2013-2275 MEDIUM

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
puppet puppet 2.6.2
puppet puppet 2.6.11
puppet puppet 2.6.8
canonical ubuntu_linux 12.10
puppet puppet 2.6.4
canonical ubuntu_linux 11.10
puppet puppet 2.7.14
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.10
puppet puppet 2.6.10
puppetlabs puppet 2.7.20
puppet puppet 2.6.15
puppet puppet 2.7.4
puppet puppet 2.6.1
puppet puppet 2.6.5
puppet puppet 2.7.8
puppet puppet 2.6.0
puppetlabs puppet *
puppet puppet 2.7.13
puppet puppet_enterprise 2.7.1
puppetlabs puppet 2.7.0
puppet puppet 2.6.3
puppet puppet 2.6.12
puppet puppet 2.7.18
puppet puppet 2.7.17
puppet puppet 2.6.9
puppet puppet 2.6.7
puppet puppet 2.6.16
puppet puppet 2.6.13
puppet puppet_enterprise 3.1.0
puppet puppet 2.7.7
puppet puppet 2.7.11
puppet puppet 2.7.6
puppet puppet 2.7.12
puppet puppet 2.7.16
puppet puppet 2.6.14
puppet puppet 2.6.6
puppetlabs puppet 2.7.1
puppetlabs puppet 2.7.19
puppet puppet 2.7.2
puppet puppet_enterprise 2.7.0
canonical ubuntu_linux 12.04
CVE-2013-2716 MEDIUM

Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
puppet puppet_enterprise *
puppet puppet_enterprise 2.5.1
puppetlabs puppet 1.0.0
puppetlabs puppet 2.6.0
puppet puppet_enterprise 2.5.2
puppetlabs puppet 1.1.0
puppetlabs puppet 1.2.0
puppet puppet_enterprise 2.0.0
puppetlabs puppet 2.5.0
CVE-2013-3567 HIGH

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
puppetlabs puppet 2.6.0
puppet puppet_enterprise 2.8.0
canonical ubuntu_linux 12.10
puppet puppet_enterprise 2.5.2
puppet puppet 3.2.1
puppet puppet 2.7.14
puppetlabs puppet 1.2.0
puppet puppet_enterprise 1.1
puppet puppet 2.7.10
puppet puppet 2.7.21
puppetlabs puppet 2.7.20
canonical ubuntu_linux 13.04
puppet puppet 2.7.13
puppetlabs puppet 2.5.0
puppet puppet_enterprise 1.0
puppetlabs puppet 2.7.0
puppet puppet 2.7.18
puppet puppet 2.7.17
puppet puppet_enterprise 2.5.1
puppetlabs puppet 3.2.0
puppetlabs puppet 1.0.0
puppetlabs puppet 1.1.0
puppet puppet 2.7.11
puppetlabs puppet 2.7.2
puppet puppet 2.7.12
novell suse_linux_enterprise_server 11.0
puppet puppet 2.7.16
puppet puppet_enterprise *
puppetlabs puppet 2.7.1
novell suse_linux_enterprise_desktop 11.0
puppetlabs puppet 2.7.19
novell suse_linux_enterprise_desktop 11
puppet puppet 2.7.2
puppet puppet_enterprise 1.2.0
puppet puppet_enterprise 2.0.0
canonical ubuntu_linux 12.04
CVE-2013-4761 MEDIUM

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
puppetlabs puppet 3.2.0
puppet puppet_enterprise 2.8.2
puppetlabs puppet 2.7.1
puppet puppet_enterprise 2.8.0
puppet puppet_enterprise 2.8.1
puppet puppet_enterprise 3.0.0
puppet puppet 2.7.2
puppet puppet 3.2.1
puppet puppet 3.2.2
puppetlabs puppet 2.7.0
puppet puppet 3.2.3
CVE-2013-4956 LOW

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
puppet puppet 2.7.5
puppet puppet_enterprise 2.8.0
puppet puppet 3.2.1
puppet puppet 3.2.2
puppet puppet 2.7.14
puppet puppet 2.7.9
puppet puppet 2.7.3
puppet puppet 2.7.10
puppet puppet 3.2.3
puppet puppet 2.7.21
puppet puppet_enterprise 2.8.2
puppet puppet_enterprise 2.8.1
puppet puppet 2.7.22
puppet puppet 2.7.4
puppet puppet 2.7.8
puppet puppet 2.7.13
puppetlabs puppet 2.7.0
puppet puppet 2.7.18
puppet puppet 2.7.17
puppetlabs puppet 3.2.0
puppet puppet 2.7.7
puppet puppet 2.7.11
puppet puppet 2.7.6
puppet puppet 2.7.12
puppet puppet 2.7.16
puppetlabs puppet 2.7.1
puppet puppet_enterprise 3.0.0
puppet puppet 2.7.2
CVE-2013-4969 LOW

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
debian debian_linux 8.0
puppet puppet_enterprise *
canonical ubuntu_linux 13.10
debian debian_linux 6.0
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.04
puppetlabs puppet *
debian debian_linux 7.0
canonical ubuntu_linux 12.04
CVE-2014-3248 MEDIUM

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
puppet puppet_enterprise *
puppet hiera *
puppet facter 2.0.0
puppet facter 2.0.1
puppetlabs facter *
puppet puppet *
puppet marionette_collective *
CVE-2014-3251 MEDIUM

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
puppet puppet_enterprise *
puppetlabs mcollective -
CVE-2015-1426 LOW

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
puppet facter 1.6.18
puppetlabs facter 1.6.3
puppetlabs facter 1.6.4
puppet facter 2.0.2
puppetlabs facter 1.6.10
puppet facter 2.2.0
puppetlabs facter 1.6.9
puppet facter 1.6.0
puppet facter 1.7.0
puppet facter 1.6.10
puppetlabs facter 1.6.13
puppet facter 1.6.15
puppet facter 2.1.0
puppetlabs facter 1.7.5
puppetlabs facter 1.6.14
puppetlabs facter 1.6.15
puppet facter 2.0.0
puppetlabs facter 1.6.2
puppet facter 1.7.3
puppetlabs facter 2.0.1
puppet facter 1.7.4
puppet facter 1.6.2
puppet facter 1.7.2
puppetlabs facter 1.7.3
puppet facter 1.6.1
puppet facter 1.6.9
puppet facter 1.6.7
puppet facter 1.6.13
puppetlabs facter 1.6.7
puppetlabs facter 1.6.17
puppetlabs facter 1.7.1
puppetlabs facter 1.7.2
puppet facter 1.6.5
puppet facter 1.6.17
puppet facter 1.6.6
puppetlabs facter 1.6.12
puppetlabs facter 1.7.4
puppet facter 1.6.3
puppetlabs facter 1.6.11
puppet facter 1.6.8
puppet facter 2.3.0
puppet facter 2.0.1
puppetlabs facter 1.6.8
puppet facter 1.6.16
puppetlabs facter 1.6.1
puppet facter 2.4.0
puppetlabs facter 1.7.0
puppet facter 1.6.4
puppet facter 1.6.11
puppetlabs facter 1.6.6
puppetlabs facter 1.6.5
puppet facter 1.7.1
puppet facter 1.6.12
puppet facter 1.7.5
puppet facter 1.6.14
puppetlabs facter 1.6.18
puppetlabs facter 1.7.6
CVE-2015-7331 MEDIUM

The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
puppetlabs mcollective-puppet-agent *
CVE-2016-2787 MEDIUM

The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
puppetlabs puppet_enterprise 2015.3
puppet puppet_enterprise 2015.3.2