CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
EPSS
Percentile
86.7%
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and
Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for
incoming connections is enabled and allowing access to the “run” REST
endpoint is allowed, allows remote authenticated users to execute arbitrary
code via a crafted HTTP request.