CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS
Percentile
85.5%
Puppet is a system configuration management tool written in Ruby.
Multiple vulnerabilities have been found in Puppet:
A local attacker with access to agent SSL keys could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or perform symlink attacks to overwrite or read arbitrary files on the Puppet master.
There is no known workaround at this time.
All Puppet users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.13"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | app-admin/puppet | < 2.7.13 | UNKNOWN |