Posted March 12, 2013
A vulnerability has been found in Puppet which could allow authenticated clients to execute arbitrary code on agents that have been configured to accept kick connections. This vulnerability is not present in the default configuration of puppet agents, but if they have been configured to listen for incoming connections (`listen=true`), and the agent's auth.conf has been configured to allow access to the `run` REST endpoint, then a client could construct an HTTP request which could execute arbitrary code. The severity of this issue is exacerbated by the fact that puppet agents typically run as root.
- Resolved in Puppet 2.7.21, 3.1.1, Puppet Enterprise 2.7.2