Arbitrary Code Execution Vulnerability in Puppet Server

Arbitrary Code Execution Vulnerability in Puppet Server

CVE-2013-1640 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.

Learn more about our Cis Benchmark Audit For Server Software.