Overview

CVE-2013-1640 (Remote Code Execution Vulnerability)

  • Posted March 12, 2013

  • A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the `template` or `inline_template` functions during catalog compilation.

    Status

    • Resolved in Puppet 2.6.18, 2.7.21, 3.1.1, Puppet Enterprise 1.2.7, 2.7.2