CVE-2012-1988 (Arbitrary Code Execution)

A bug in Puppet can be used to execute arbitrary code on the puppet master.

If a file whose full path contains an executable command string is created on the puppet master system, it is possible to cause Puppet to execute the embedded command by crafting a malicious file bucket request. This requires access to agent SSL keys and the ability to create directories and files on the puppet master system.


  • Resolved in Puppet 2.6.15 (source), 2.7.13 (source), rpm, deb
  • Resolved in Puppet Enterprise 1.2.5 and 2.5.1
  • Hotfixes available for Puppet Enterprise 1.0, 1.1, 1.2.x, and 2.0.x