Posted March 12, 2013
A vulnerability found in Puppet could allow an authenticated client to connect to a puppet master and perform unauthorized actions. Specifically, given a valid certificate and private key, an agent could retrieve catalogs from the master that it is not authorized to access or it could poison the puppet master's caches for any puppet-generated data that supports caching such as catalogs, nodes, facts, and resources.
The extent and severity of this vulnerability varies depending on the specific configuration of the master: for example, whether it is using storeconfigs or not, which version, whether it has access to the cache or not, etc.
- Resolved in Puppet 2.6.18, 2.7.21, 3.1.1, Puppet Enterprise 1.2.7, 2.7.2