CVE-2013-4966

Puppet Enterprise <3.2.0 - Info Disclosure

Title source: llm

Description

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.

References (2)

[Vendor Advisory] http://puppetlabs.com/security/cve/cve-2013-4966

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1029873

Scores

EPSS 0.0022

EPSS Percentile 44.8%

Classification

CWE

CWE-287

Status draft

Affected Products (4)

puppet/puppet_enterprise < 3.1.1

puppet/puppet_enterprise

Timeline

Published Mar 09, 2014

Tracked Since Feb 18, 2026